Enhancement: Add testcases to validate JSF signatures

Open mrutkows opened this issue 1 year ago • 1 comments

Currently, JSF signatures are only validated for correctness (in thei; we need testcases to verify this. As part of this effort we may also want to add custom "structs" for JSF objects/fields and create custom marshallers/unmarshallers for them. Having these would allow us to create custom validation against the actual data in the future.

Attempt to use this tool to generate signed BOMs (which was used for the actual spec. examples):

  • JSF reference implementation for Node
    • https://github.com/cyberphone/node-webpki.org

Please note that CDX does NOT support all fields of the IETF RFC draft... but SHOULD support those generated by the tool.

mrutkows, Jun 08 '23 15:06
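
One way the custom struct and unmarshaller proposed in the issue could look, as an added example that is not sbom-utility code. The names `JSFSigner`, `CheckSigner` and `jsfAlgorithms` are hypothetical, the JSON field names follow the JSF signature object, and the unpadded base64url encoding of `value` is an assumption.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// JSFSigner and CheckSigner are hypothetical names, not sbom-utility types.
type JSFSigner struct {
	Algorithm string          `json:"algorithm"`
	KeyID     string          `json:"keyId,omitempty"`
	PublicKey json.RawMessage `json:"publicKey,omitempty"`
	Excludes  []string        `json:"excludes,omitempty"`
	Value     string          `json:"value"`
}

// JWA-style identifiers; proprietary URI identifiers are not handled here.
var jsfAlgorithms = map[string]bool{
	"RS256": true, "RS384": true, "RS512": true, "PS256": true, "PS384": true, "PS512": true, "ES256": true,
	"ES384": true, "ES512": true, "Ed25519": true, "Ed448": true, "HS256": true, "HS384": true, "HS512": true,
}

// UnmarshalJSON checks structure only; it does not verify the signature.
func (s *JSFSigner) UnmarshalJSON(data []byte) error {
	type plain JSFSigner // method-less alias, avoids recursing into UnmarshalJSON
	var p plain
	if err := json.Unmarshal(data, &p); err != nil {
		return err
	}
	if !jsfAlgorithms[p.Algorithm] {
		return fmt.Errorf("jsf: unsupported algorithm %q", p.Algorithm)
	}
	// Assumption: value is unpadded base64url and must not be empty.
	if b, err := base64.RawURLEncoding.DecodeString(p.Value); err != nil || len(b) == 0 {
		return errors.New("jsf: value missing or not base64url")
	}
	*s = JSFSigner(p)
	return nil
}

func CheckSigner(doc string) error {
	var s JSFSigner
	return json.Unmarshal([]byte(doc), &s)
}

func main() {
	fmt.Println(CheckSigner(`{"algorithm":"ES256","value":"c2lnbmF0dXJl"}`)) // constructed sample
}
```

A table-driven test can feed `CheckSigner` both well-formed signers and malformed ones (unknown algorithm, missing or badly encoded `value`) and assert on the returned error.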