
Add support for displaying/validating CDX Signature schema (struct)

Open mrutkows opened this issue 1 year ago • 0 comments

i.e., add property ``Signature CDXSignature `json:"signature,omitempty"` `` to the top-level `CDXBom` structure. Then support it with signing verification (validation) with test cases.

This will be a bit of a challenge as we may also need to implement JSF schema:

  • https://github.com/CycloneDX/specification/blob/master/schema/jsf-0.82.schema.json

As referenced by the CycloneDX schema (external).

As we want the utility to work in a network-disconnected environment (e.g., a secure build pipeline), this would have to bring in a static encoding (marshal/unmarshal, etc.).

mrutkows, May 19 '23 20:05
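An added example (not sbom-utility's own code) of the shape this issue asks for: a `Signature` pointer field tagged `signature,omitempty` on a minimal `CDXBom` stand-in, a JSF-style `CDXSignature` struct, and offline sign/verify helpers plus the checks a test case would make. The struct names, the subset of JSF properties (`algorithm`, `keyId`, `value`), the use of Ed25519, and the helper names `SignBom`, `VerifyBom` and `HasSignatureKey` are all assumptions. The payload preparation is a deliberate placeholder: it re-marshals the BOM with `encoding/json`, which is not the canonicalization JSF requires, so a real implementation must replace `payloadToSign` with the JSF-specified canonical form.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// CDXSignature is an illustrative JSF-style signature block (assumed shape:
// a subset of the properties in the linked JSF schema, not the utility's type).
type CDXSignature struct {
	Algorithm string `json:"algorithm"`
	KeyID     string `json:"keyId,omitempty"`
	Value     string `json:"value"` // base64-encoded signature bytes
}

// CDXBom is a minimal stand-in for the top-level BOM struct with the proposed
// field. A pointer makes omitempty drop the member entirely when unsigned.
type CDXBom struct {
	BOMFormat   string        `json:"bomFormat"`
	SpecVersion string        `json:"specVersion"`
	Version     int           `json:"version"`
	Signature   *CDXSignature `json:"signature,omitempty"`
}

// payloadToSign returns the bytes the signature covers: the BOM without its
// signature member. ASSUMPTION/PLACEHOLDER: encoding/json output is not the
// JSF canonical form; swap in the real canonicalization for interoperability.
func payloadToSign(bom CDXBom) ([]byte, error) {
	bom.Signature = nil // bom is a copy, so the caller's struct is untouched
	return json.Marshal(bom)
}

// SignBom attaches an Ed25519 signature to bom (hypothetical helper).
func SignBom(bom *CDXBom, priv ed25519.PrivateKey, keyID string) error {
	payload, err := payloadToSign(*bom)
	if err != nil {
		return err
	}
	bom.Signature = &CDXSignature{
		Algorithm: "Ed25519",
		KeyID:     keyID,
		Value:     base64.StdEncoding.EncodeToString(ed25519.Sign(priv, payload)),
	}
	return nil
}

// VerifyBom checks the embedded signature against a caller-supplied trusted
// public key; nothing is fetched, so it works in a disconnected pipeline.
func VerifyBom(bom CDXBom, pub ed25519.PublicKey) error {
	if bom.Signature == nil {
		return errors.New("bom carries no signature")
	}
	if bom.Signature.Algorithm != "Ed25519" {
		return fmt.Errorf("unsupported algorithm %q", bom.Signature.Algorithm)
	}
	sig, err := base64.StdEncoding.DecodeString(bom.Signature.Value)
	if err != nil {
		return fmt.Errorf("malformed signature value: %w", err)
	}
	payload, err := payloadToSign(bom)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, payload, sig) {
		return errors.New("signature does not match BOM content")
	}
	return nil
}

// HasSignatureKey reports whether the marshalled JSON contains a "signature"
// member, which is how a test case can assert the omitempty behaviour.
func HasSignatureKey(bom CDXBom) (bool, error) {
	raw, err := json.Marshal(bom)
	if err != nil {
		return false, err
	}
	var members map[string]json.RawMessage
	if err := json.Unmarshal(raw, &members); err != nil {
		return false, err
	}
	_, ok := members["signature"]
	return ok, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample BOM; sign it, round-trip through JSON, then verify.
	bom := CDXBom{BOMFormat: "CycloneDX", SpecVersion: "1.4", Version: 1}
	if err := SignBom(&bom, priv, "build-pipeline-key"); err != nil {
		panic(err)
	}
	raw, _ := json.MarshalIndent(bom, "", "  ")
	fmt.Println(string(raw))
	var parsed CDXBom
	_ = json.Unmarshal(raw, &parsed)
	fmt.Println("verify:", VerifyBom(parsed, pub))
	parsed.Version = 2 // any change to signed content must fail verification
	fmt.Println("verify after tamper:", VerifyBom(parsed, pub))
}
```

Keeping the public key as an input to `VerifyBom` rather than reading it from the document is the part that matters for the disconnected use case: trust is anchored in a key the pipeline already holds, and the `publicKey` member a JSF block may carry is at most a hint to select it, never the source of trust.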