DependencyCheck
Support language constraints for CPEs
Is your feature request related to a problem? Please describe.
CPEs can relate to specific languages (aka platforms). Often CPEs are picked up for a language that is not the one being scanned, e.g. in my Java project I have CPEs detected for JavaScript, Go, Rust and Python projects with names that sound similar to libraries I am using. Also for some CVEs there are CPEs for multiple languages with different versioning schemes, as in the recent issue (#5992). Being able to filter based on language would cut down on a lot of noise with false positives. There is already a lot of noise in the NVD ecosystem, without dealing with vulnerabilities for completely different languages!
Describe the solution you'd like
The simplest solution to me is something like a --language flag passed in to the tool which filters all CPEs so only the matching language is considered. It could perhaps be multi-valued, although I'd think multi-language projects would normally run separate scans for each language as the dependency tree is different (my project is multi-language and we do this).
Describe alternatives you've considered
An alternate solution would be to allow specifying the language constraint for CPEs in the false positives file. To my mind the top level flag is easier because it can be specified once during setup. Putting language constraints in the false positives file would still mean the build breaks every time a vulnerability comes out in a language that is not being used, so someone would need to look at it and add the false positive.
Additional context
This feature depends on getting the vulnerability data which includes the language specifier. I'm not sure if that is already available or, if not, how much work is needed to bring it in.
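To make the proposed filter concrete, here is an added example (not DependencyCheck code, and not part of the original issue) that parses CPE 2.3 formatted strings and keeps only those whose `target_sw` component is compatible with a chosen scan language. The `LANGUAGE_TARGET_SW` mapping and the sample CPE strings are assumptions constructed for the example; NVD frequently leaves `target_sw` as `*` (ANY), so such CPEs carry no platform information and are kept by default, which is the practical limit of this approach.

```python
import re

# CPE 2.3 formatted-string components in order (NIST IR 7695, section 6.2).
CPE23_FIELDS = (
    "part", "vendor", "product", "version", "update", "edition",
    "language", "sw_edition", "target_sw", "target_hw", "other",
)

# Assumed mapping from a scan language to target_sw values. The value sets are
# illustrative guesses; NVD is not consistent about which values it populates.
LANGUAGE_TARGET_SW = {
    "java": {"java"},
    "javascript": {"node.js", "javascript"},
    "python": {"python"},
    "go": {"go", "golang"},
    "rust": {"rust"},
}

# Split on ":" only when it is not escaped as "\:" inside a component.
_UNESCAPED_COLON = re.compile(r"(?<!\\):")


def parse_cpe23(cpe: str) -> dict:
    """Split a CPE 2.3 formatted string into its named components."""
    parts = _UNESCAPED_COLON.split(cpe)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE23_FIELDS, parts[2:]))


def matches_language(cpe: str, language: str, *, keep_unspecified: bool = True) -> bool:
    """True if the CPE's target_sw is compatible with `language`.

    A target_sw of "*" (ANY) or "-" (NA) says nothing about the platform, so the
    caller decides whether such CPEs are kept (the safe default) or dropped.
    """
    try:
        allowed = LANGUAGE_TARGET_SW[language.lower()]
    except KeyError:
        raise ValueError(f"unknown language {language!r}") from None
    target_sw = parse_cpe23(cpe)["target_sw"].lower()
    if target_sw in ("*", "-"):
        return keep_unspecified
    return target_sw in allowed


def filter_cpes(cpes, language, *, keep_unspecified=True):
    """Partition CPEs into (kept, dropped) lists for the given scan language."""
    kept, dropped = [], []
    for cpe in cpes:
        bucket = kept if matches_language(cpe, language, keep_unspecified=keep_unspecified) else dropped
        bucket.append(cpe)
    return kept, dropped


# Constructed sample: identifiers shaped like NVD CPEs, not taken from a real report.
# The fourth entry has an escaped colon in its version, the last has target_sw "*".
SAMPLE_CPES = [
    "cpe:2.3:a:example:foo:1.2.3:*:*:*:*:java:*:*",
    "cpe:2.3:a:example:foo:1.2.3:*:*:*:*:node.js:*:*",
    "cpe:2.3:a:example:foo:0.9.0:*:*:*:*:python:*:*",
    "cpe:2.3:a:example:bar:1.0\\:beta:*:*:*:*:go:*:*",
    "cpe:2.3:a:example:baz:2.0.0:*:*:*:*:*:*:*",
]

if __name__ == "__main__":
    kept, dropped = filter_cpes(SAMPLE_CPES, "java")
    print("kept:", *kept, sep="\n  ")
    print("dropped:", *dropped, sep="\n  ")
```

Run against a Java scan, the Node.js, Python and Go entries are dropped while the `java` entry and the `*` entry survive; passing `keep_unspecified=False` also drops the `*` entry, which trades false positives for the risk of hiding a real match whose CPE was never given a platform.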
I'm using Azure SDKs and this is something that would help me.
We do not currently have a data source that provides the "language" for a given CPE.
Any updates on this? The report contains a list of language variants, so that should be available?
This is a single CVE. This type of data is not generally available in the NVD data.