sbomqs
[New Check] Primary component lack of version goes undetected
For the SBOM here - https://sbomlc.s3.amazonaws.com/sbom4python-0.8.0_paramiko-3.1.0.cdx.json?AWSAccessKeyId=AKIA2ZBFUJ4NNQGYD5OF&Signature=yAQj8D2ZcNKMLSe242nV3QF8X3g%3D&Expires=1711592185
```shell
sbomgr packages -EP 'pypi/cryptography' -O 'filen,docn,docv,pkgn,pkgv' sbomlc/sbom4python-0.8.0_paramiko-3.1.0.cdx.json
```

```
sbomlc/sbom4python-0.8.0_paramiko-3.1.0.cdx.json Python-paramiko cryptography 40.0.1
```
docv results in a blank.
This is because the metadata:component is missing the version:
```json
"metadata": {
  "timestamp": "2023-03-28T19:16:23Z",
  "tools": [
    {
      "name": "sbom4python",
      "version": "0.8.0"
    }
  ],
  "component": {
    "type": "application",
    "bom-ref": "CDXRef-DOCUMENT",
    "name": "Python-paramiko"
  }
},
```
However, the component details clearly specify that the value is known:
```json
"type": "library",
"bom-ref": "1-paramiko",
"name": "paramiko",
"version": "3.1.0",
"supplier": {
  "name": "Jeff Forcier",
  "contact": [
    {
      "email": "[email protected]"
    }
  ]
},
```
I think we should create a check for version and other basic details in the primary component.
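To make the proposed check concrete, here is an added Go example (not sbomqs's own code, and not the check as the project later implemented it) that parses a CycloneDX JSON SBOM and reports which basic fields are absent or empty on `metadata.component`. The function name `PrimaryComponentGaps`, the struct names, and the embedded sample documents are all constructed for this illustration; the first sample is modelled on the metadata block quoted above, where `name` is present but `version` is not.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// cdxDoc models only the part of a CycloneDX JSON document that the
// primary-component check needs. The JSON keys follow the CycloneDX schema
// ("metadata", "component", "bom-ref", ...).
type cdxDoc struct {
	Metadata struct {
		Component *cdxComponent `json:"component"`
	} `json:"metadata"`
}

// cdxComponent carries the basic identity fields a consumer needs to tell
// which piece of software the SBOM actually describes.
type cdxComponent struct {
	Type    string `json:"type"`
	BomRef  string `json:"bom-ref"`
	Name    string `json:"name"`
	Version string `json:"version"`
}

// PrimaryComponentGaps parses a CycloneDX JSON SBOM and returns the names of
// the basic fields that are missing or empty on metadata.component, sorted so
// the result is stable. A missing component altogether is reported as the
// single gap "component". (Hypothetical helper written for this example.)
func PrimaryComponentGaps(data []byte) ([]string, error) {
	var doc cdxDoc
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, fmt.Errorf("parse SBOM: %w", err)
	}
	c := doc.Metadata.Component
	if c == nil {
		return []string{"component"}, nil
	}
	fields := map[string]string{
		"type":    c.Type,
		"bom-ref": c.BomRef,
		"name":    c.Name,
		"version": c.Version,
	}
	gaps := []string{}
	for field, value := range fields {
		if value == "" {
			gaps = append(gaps, field)
		}
	}
	sort.Strings(gaps)
	return gaps, nil
}

// sampleMissingVersion is a constructed document modelled on the metadata block
// quoted in the issue: the primary component has a name but no version.
const sampleMissingVersion = `{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {
    "component": {
      "type": "application",
      "bom-ref": "CDXRef-DOCUMENT",
      "name": "Python-paramiko"
    }
  }
}`

// sampleComplete is a constructed document where the primary component carries
// all four basic fields, so the check should report nothing.
const sampleComplete = `{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {
    "component": {
      "type": "application",
      "bom-ref": "CDXRef-DOCUMENT",
      "name": "Python-paramiko",
      "version": "3.1.0"
    }
  }
}`

// sampleNoComponent is a constructed document with no primary component at all.
const sampleNoComponent = `{"bomFormat":"CycloneDX","specVersion":"1.4","metadata":{}}`

func main() {
	samples := []struct{ label, doc string }{
		{"missing-version", sampleMissingVersion},
		{"complete", sampleComplete},
		{"no-component", sampleNoComponent},
	}
	for _, s := range samples {
		gaps, err := PrimaryComponentGaps([]byte(s.doc))
		if err != nil {
			fmt.Printf("%s: error: %v\n", s.label, err)
			continue
		}
		if len(gaps) == 0 {
			fmt.Printf("%s: primary component OK\n", s.label)
		} else {
			fmt.Printf("%s: primary component missing %v\n", s.label, gaps)
		}
	}
}
```

Run with `go run`. The design point is that the check looks only at `metadata.component`, not at the `components` array: the issue shows that a version may be present on a library entry while the primary component that names the whole document still lacks one, and it is the primary component that a downstream consumer (or a `docv` query) reads.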