syft
Support use of Maven to resolve all dependencies.
- Use the Maven application to resolve all dependencies, including those from parent poms and Maven BOMs. This is done using Maven to generate an 'effective-pom' in which all dependencies and their versions are fully resolved. See README.md#L723 for more details on how it works.
- Small improvement to the resolution of groupId and version for modules: when these are missing in a module's pom.xml, the groupId and/or version of the parent are used (see syft/pkg/cataloger/java/parse_pom_xml.go#L265).
- Some minor fixes and additions to logging to ease debugging.
fixes #2017, fixes #1129, fixes #1813
A side note: I've also got a pretty good idea on how to fix many of the issues above without running Maven. But this takes some more time because parent poms and BOMs will need to be traversed. It is unlikely to be completely fail-safe, but should improve the cataloging greatly and fix/improve many outstanding issues.
BTW, this is my first attempt at programming in Go. So I'm certainly open to (and prepared for :-) feedback.
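As an added example (not code from this PR or from Syft itself): a small Go program that implements the parent-fallback rule from the second bullet and shows which dependency versions a single pom.xml can resolve on its own and which it cannot, which is the gap the effective-pom approach in the first bullet closes. The pom model, the function names and the sample pom.xml are constructed for illustration. Maven itself produces the effective pom (`mvn help:effective-pom -Doutput=<file>`); this example does not run Maven, but the output of that goal is a `<project>` element that the same parser reads, with every managed version filled in.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"os"
	"strings"
)

// Illustrative pom.xml model (not Syft's own types); only what resolution needs is mapped.
type pomCoord struct {
	GroupID    string `xml:"groupId"`
	ArtifactID string `xml:"artifactId"`
	Version    string `xml:"version"`
}
type pomProject struct {
	Parent     *pomCoord `xml:"parent"`
	GroupID    string    `xml:"groupId"`
	ArtifactID string    `xml:"artifactId"`
	Version    string    `xml:"version"`
	Properties struct {
		Entries []struct {
			XMLName xml.Name // children of <properties> have arbitrary names
			Value   string   `xml:",chardata"`
		} `xml:",any"`
	} `xml:"properties"`
	Dependencies []pomCoord `xml:"dependencies>dependency"`
}
func parsePom(data []byte) (pomProject, error) {
	var p pomProject
	err := xml.Unmarshal(data, &p)
	return p, err
}

// resolveCoordinates applies Maven's inheritance rule: a module that omits
// groupId and/or version takes them from its <parent>; anything still missing is an error.
func resolveCoordinates(p pomProject) (pomCoord, error) {
	c := pomCoord{p.GroupID, p.ArtifactID, p.Version}
	if p.Parent != nil && c.GroupID == "" {
		c.GroupID = p.Parent.GroupID
	}
	if p.Parent != nil && c.Version == "" {
		c.Version = p.Parent.Version
	}
	if c.GroupID == "" || c.ArtifactID == "" || c.Version == "" {
		return c, fmt.Errorf("incomplete coordinates %+v", c)
	}
	return c, nil
}

// expandProperties substitutes ${...} from <properties> and the built-in
// project.* values; unknown names are left in place so they stay visible.
func expandProperties(s string, props map[string]string, c pomCoord) string {
	builtin := map[string]string{"project.groupId": c.GroupID, "project.artifactId": c.ArtifactID, "project.version": c.Version}
	return os.Expand(s, func(name string) string {
		if v, ok := builtin[name]; ok {
			return v
		}
		if v, ok := props[name]; ok {
			return v
		}
		return "${" + name + "}"
	})
}

// resolveDependencies expands placeholders in each dependency. A version that is still
// empty or unexpanded is managed by a parent pom or an imported BOM: the effective-pom case.
func resolveDependencies(p pomProject, c pomCoord) (resolved, unresolved []pomCoord) {
	props := map[string]string{}
	for _, e := range p.Properties.Entries {
		props[e.XMLName.Local] = strings.TrimSpace(e.Value)
	}
	for _, d := range p.Dependencies {
		dc := pomCoord{expandProperties(d.GroupID, props, c), expandProperties(d.ArtifactID, props, c), expandProperties(d.Version, props, c)}
		if dc.Version == "" || strings.Contains(dc.Version, "${") {
			unresolved = append(unresolved, dc)
		} else {
			resolved = append(resolved, dc)
		}
	}
	return resolved, unresolved
}

// Constructed sample: a module without its own groupId/version, property and project.*
// placeholders, and one BOM-managed dependency that carries no version.
const samplePom = `<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent><groupId>com.example</groupId><artifactId>example-parent</artifactId><version>1.4.0</version></parent>
  <artifactId>example-service</artifactId>
  <properties><slf4j.version>2.0.9</slf4j.version></properties>
  <dependencies>
    <dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>${slf4j.version}</version></dependency>
    <dependency><groupId>${project.groupId}</groupId><artifactId>example-core</artifactId><version>${project.version}</version></dependency>
    <dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-databind</artifactId></dependency>
  </dependencies>
</project>`
func main() {
	p, _ := parsePom([]byte(samplePom))
	c, _ := resolveCoordinates(p)
	resolved, unresolved := resolveDependencies(p, c)
	fmt.Printf("module %+v\nresolved %v\nunresolved (need effective-pom) %v\n", c, resolved, unresolved)
}
```

Running it reports `jackson-databind` as unresolved: its version lives in a BOM or parent `<dependencyManagement>` section that this file never sees, so a cataloger working from the raw pom.xml alone would have to emit it without a version. The effective pom from Maven (or, as the side note above suggests, a manual traversal of parent poms and imported BOMs) is what supplies it.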
Note to reviewers: This looks like a special case of https://github.com/anchore/syft/issues/1562, and we should consider the configuration and user experience Syft would need if there were multiple such implementations, e.g. is there a single switch to turn on and off external tooling?