dependency-track
Add support for pulling in additional dependencies through `externalReferences`
Current Behavior
It is my understanding that Dependency Track does not currently pull in dependencies specified in externalReferences. There are a lot of use cases for this, including more complex products.
Proposed Behavior
The main use cases are `externalReferences` with URLs, in which case it would be great if DT could pull these in. Authentication is of course an issue here.
`BOM-Link` is also an option in `externalReferences`, where it perhaps would make sense to have some kind of bundle (zip file?) with a set of SBOMs that can reference each other.
Checklist
- [x] I have read and understand the contributing guidelines
- [x] I have checked the existing issues for whether this enhancement was already requested
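
The bundle idea raised in this request, as an added Python example (not Dependency-Track code and not part of the original issue): it follows `externalReferences` of type `bom` through a set of CycloneDX JSON documents, resolving BOM-Links locally and reporting plain URLs and unresolved links separately. It assumes the CycloneDX field names `serialNumber`, `version` and `externalReferences` and the BOM-Link form `urn:cdx:<serial>/<version>#<bom-ref>`; the sample BOMs, the host name and all function names are constructed for illustration.

```python
import re

# BOM-Link URN: urn:cdx:<serial-uuid>/<version>[#<bom-ref>]
BOM_LINK = re.compile(r"^urn:cdx:([0-9a-fA-F-]{36})/(\d+)(?:#(.+))?$")

def bom_key(bom):
    """(serial uuid, version) identity of a CycloneDX document."""
    return bom["serialNumber"].split(":")[-1].lower(), bom.get("version", 1)

def iter_bom_refs(bom):
    """Yield the url of every externalReference of type 'bom' (BOM level and top-level components)."""
    for holder in [bom, *bom.get("components", [])]:
        for ref in holder.get("externalReferences", []):
            if ref.get("type") == "bom":
                yield ref["url"]

def resolve(root, bundle):
    """Follow BOM-Links from root inside the bundle; return (resolved, remote, missing)."""
    index = {bom_key(b): b for b in bundle}
    resolved, remote, missing = [], [], []
    seen, queue = {bom_key(root)}, [root]
    while queue:
        for url in iter_bom_refs(queue.pop()):
            m = BOM_LINK.match(url)
            if not m:
                remote.append(url)   # plain URL: would need a fetch, maybe credentials
                continue
            key = (m.group(1).lower(), int(m.group(2)))
            if key not in index:
                missing.append(url)  # BOM-Link target absent from the bundle
            elif key not in seen:    # seen-set stops reference cycles
                seen.add(key)
                resolved.append(key)
                queue.append(index[key])
    return resolved, remote, missing

# Constructed sample bundle: A links to B (BOM-Link) and to a URL; B links back to A and to a missing C.
A_ID, B_ID, C_ID = ("%s-0000-4000-8000-000000000000" % (c * 8) for c in "abc")
def ext(url): return {"externalReferences": [{"type": "bom", "url": url}]}
BOM_A = {"serialNumber": "urn:uuid:" + A_ID, "version": 1, "components": [
    {"name": "firmware", **ext("urn:cdx:%s/1" % B_ID)},
    {"name": "vendor-lib", **ext("https://sbom.example.invalid/vendor-lib.cdx.json")}]}
BOM_B = {"serialNumber": "urn:uuid:" + B_ID, "version": 1, **ext("urn:cdx:%s/1" % A_ID),
         "components": [{"name": "rtos", **ext("urn:cdx:%s/2#kernel" % C_ID)}]}

if __name__ == "__main__":
    print(resolve(BOM_A, [BOM_A, BOM_B]))
```

Keeping remote URLs in their own list leaves the decision to fetch them, and with which credentials, to the caller instead of the resolver.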