Take care of "special" spdx metadata when converting from spdx to cyclonedx

[savek-cc]

Curently a conversion from spdx to cyclonedx creates purl references in cycloneDX like so: "properties": [ { "name": "spdx:external-reference:package-manager:purl", "value": "pkg:whatever" }, ... The "eternal-reference" type purl (and probably cpe for that matter) should be translated to the actual purl and/or cpe fields of the component in cycloneDX in order to be usable e.g. in DependencyTrack.