feat: populate `component.authors`

[fkleon]

Relating to the (upcoming) 4.0.0 release:

The author field is currently missing in the resulting SBOM but could be populated from the project.authors field in pyproject.toml (although pyproject allows multiple authors).

See:

• https://cyclonedx.org/docs/1.5/json/#metadata_component_author
• https://packaging.python.org/en/latest/specifications/pyproject-toml/#authors-maintainers

[jkowalleck]

need to reflect:

• author from pyproject.toml for project.authors ala PEP621
• author from pyproject.toml for tool.poetry.authors ala https://python-poetry.org/docs/pyproject#authors
• environment's core-metadata for all Author ala https://packaging.python.org/en/latest/specifications/core-metadata/#author

[jkowalleck]

the "authors" feature was removed in v4 for the fact thast some things were just uncertain. CycloneDX allows exactly one author. Python projects may have multiple ...

to be clarified: which parts of the "author" should be used? there are multiples:

• name
• email-address

to be clarified: how to describe multiple authors? see https://github.com/CycloneDX/specification/issues/335

• concatenate multiple with a & or |?
• just use the first author and thats is it
• just use the first author and add a "et al."(Latin "and others", commonly practice in legal area) - ala Jane Doe <[email protected]> et al.

need to clarify with CycloneDX core team and specification partners.

[jkowalleck]

since v4 was published and released (:tada:), this feature request is open for contributors. Feel free to discuss solutions or open pull requests. Please see the existing requirements and spec descriptions above.

[jkowalleck]

further: CycloneDX 1.6 got versatile support for $.components[].authors (deprecating $.components[].author)

expected result could be: Populate $.components[].authors with a structure, and, additionally, populate $.components[].author with a derived string.