Migrate(non-breaking) publisher from `string` to `organizationalContact`

[prabhu]

Deprecate publisher in favor of a strongly typed publisherContact of type organizationalContact

https://github.com/CycloneDX/specification/blob/master/schema/bom-1.6.schema.json#L906-L910

This will allow organizations to analyze for publisher related risks better and avoid the use of components from anonymous or publishers with just a name.