enhancement(cyclonedx): use `component.evidence.occurrences.location` for filapaths and linenumber

[DmitriyLewen]

Description

In CycloneDX 1.5, the location and line fields were added under component.evidence.occurrences. These are fields we can use in Trivy:

1. location can be used instead of property.filePath
2. line can be used if Trivy supports detecting line numbers for that file

Example:

https://github.com/CycloneDX/cyclonedx-go/blob/72e4629d580624c7d6bd815e2d209a0a62d08047/testdata/valid-evidence.json#L74-L77

Discussed in https://github.com/aquasecurity/trivy/discussions/9823