dependency-track
Add VEX Support for Rejected
Current Behavior
CycloneDX 1.5 adds support for a new date field to record when (if) a vulnerability has been Rejected. See specification issue 168. I.e., if the field is not present then the vulnerability has not been rejected!
An example of a rejected vulnerability is CVE-2021-23334.
Dependency-Track does not currently support handling this field.
Proposed Behavior
Update VEX handling in DT to support the rejected timestamp. This would apply to VEX export and import.
Checklist
- [X] I have read and understand the contributing guidelines
- [X] I have checked the existing issues for whether this enhancement was already requested