
[IDEA] make universal

Open · jkowalleck opened this issue 1 year ago · 1 comment

The current implementation utilizes https://github.com/CycloneDX/cyclonedx-node-module/ in version @<4. v3 is deprecated; v4 became a meta package, utilizing special implementations for npm, pnpm, yarn, ...

GOAL: rework this GH action:

  • input (intended to be as backward compatible as possible, so as not to break users of the @master version too much)
    • path to the project dir - default to ./
    • cyclonedx-version: {1.4, 1.3, ...} - default to latest
    • output: output file - default to ./bom.xml
    • package-manager: {npm, pnpm, yarn, yarn2}
  • it is expected that the env already has a node env set up and the package manager is installed.
  • auto-detection: based on lock file type
    • it could detect the existence of a {npm,pnpm,yarn} lockfile
  • process:
    • if the tools are not yet available in the current target env, then the appropriate tools are installed with the according ecosystem (npm i / pnpm add / yarn add) in a temp dir
    • the appropriate application is run from that temp dir
    • if there is no appropriate application (yet), the GH action exits with an error and prints an info message.

internally

  • [ ] utilize https://github.com/CycloneDX/cyclonedx-node-npm
  • [ ] utilize https://github.com/CycloneDX/cyclonedx-node-pnpm
  • [ ] utilize https://github.com/CycloneDX/cyclonedx-node-yarn

change process:

  • [x] write the docs with: use @v1 - instead of @master
  • [ ] current master becomes available as git branch 1.x
  • [ ] next version is properly tagged as v2 and so on ...
  • :warning: since there might be users that run directly on @master - the master branch must be working all the time - do development in a dedicated temp branch !

jkowalleck avatar Feb 06 '23 03:02 jkowalleck
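As an added illustration of the auto-detection and dispatch step proposed in the issue (this is example code, not the action's implementation and not from the issue author), the POSIX shell functions below pick the package manager from the lock file present in the project directory and print the command that would generate the BOM. Exactly one lock file is required; none or several is reported as an error so the caller can set the `package-manager` input explicitly. The `.yarnrc.yml` heuristic for telling Yarn Berry (`yarn2`) from classic Yarn, the `npx --package @cyclonedx/cyclonedx-npm` invocation and its `--output-file`, `--output-format` and `--spec-version` flags are assumptions; the remaining package managers fall through to the "no appropriate application yet" error path the issue describes.

```shell
#!/bin/sh
# Added example (not the action's code): lock-file based detection of the
# package manager and dispatch to a CycloneDX generator, as the issue proposes.

# Print the package-manager name for the project in $1 (default ./).
# Exactly one lock-file family must be present; otherwise print an error
# message on stderr and return 1, so the action can abort with a clear reason.
detect_package_manager() {
    dir="${1:-.}"
    found=""
    if [ -f "$dir/package-lock.json" ] || [ -f "$dir/npm-shrinkwrap.json" ]; then
        found="$found npm"
    fi
    if [ -f "$dir/pnpm-lock.yaml" ]; then
        found="$found pnpm"
    fi
    if [ -f "$dir/yarn.lock" ]; then
        # Assumption: a Yarn Berry (v2+) project carries a .yarnrc.yml next to
        # its yarn.lock, while classic Yarn (v1) does not.
        if [ -f "$dir/.yarnrc.yml" ]; then
            found="$found yarn2"
        else
            found="$found yarn"
        fi
    fi
    found="${found# }"
    case "$found" in
        "")
            echo "error: no lock file found in '$dir' (expected package-lock.json, npm-shrinkwrap.json, pnpm-lock.yaml or yarn.lock)" >&2
            return 1 ;;
        *" "*)
            echo "error: several lock files found in '$dir' ($found); set the package-manager input explicitly" >&2
            return 1 ;;
        *)
            echo "$found" ;;
    esac
}

# Print the command that generates the BOM for package manager $1 into output
# file $2 (default ./bom.xml) with CycloneDX spec version $3 (default 1.4).
# The output format is derived from the file extension (.json -> JSON, else XML).
# Only npm is wired up here; the package name and flags are assumptions about
# @cyclonedx/cyclonedx-npm. Every other package manager hits the "no appropriate
# application (yet)" error path described in the issue and returns 1.
bom_command() {
    pm="$1"; out="${2:-./bom.xml}"; spec="${3:-1.4}"
    case "$out" in
        *.json) fmt=JSON ;;
        *)      fmt=XML ;;
    esac
    case "$pm" in
        npm)
            # npx --package installs into npx's own cache rather than the
            # project, which keeps the project's node_modules and lock file
            # untouched (the issue's "temp dir" requirement).
            echo "npx --yes --package @cyclonedx/cyclonedx-npm -- cyclonedx-npm --output-file '$out' --output-format $fmt --spec-version $spec" ;;
        pnpm|yarn|yarn2)
            echo "error: no CycloneDX generator is wired up for '$pm' yet; set package-manager to a supported value" >&2
            return 1 ;;
        *)
            echo "error: unknown package manager '$pm' (expected npm, pnpm, yarn or yarn2)" >&2
            return 1 ;;
    esac
}
```

In the action's entry point the two functions compose as `pm=$(detect_package_manager "$PROJECT_DIR") && eval "$(bom_command "$pm" "$OUTPUT" "$SPEC_VERSION")"`; a non-zero return from either one aborts the step with the message already printed on stderr. Printing the command instead of running it keeps the dispatch table testable without a node environment and makes the exact invocation visible in the job log.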