Updates in order to be compatible with versions of Ruby < 2.3.0

[chris-sansone-angi]

I made a few updates in order to make the cyclonedx-ruby gem compatible with versions of Ruby < 2.3.0:

1. I removed ostruct as an explicit dependency in the gemspec as it is part of the Ruby stdlib. If you use the version that gets pulled down from RubyGems.org there is a currently a bug in it which breaks backwards compatibility for versions of Ruby < 2.3.0 (I reported the bug here)
2. I removed the usage of nokogiri to do the XML document generation and moved to the rexml library which AFAIK does not have any specific Ruby version dependencies
3. Added an explicit dependency on bundler with a version that supports Ruby >= 1.8.7

I also added some retry logic to the get_gem method in lib/bom_helpers.rb which makes remote HTTP API calls to https://rubygems.org and often suffers from intermittent issues (e.g. HTTP 502 Bad Gateway)