Add CIPD as a PURL type

[jupenur]

Chromium uses the Chrome Infrastructure Package Deployment (CIPD) registry for some dependencies. Some documentation can be found here and here and examples of package names here -- look for lines starting with 'package': '.

Including some random samples below:

gn/gn/linux-amd64
gn/gn/windows-amd64
chromium/android_webview/tools/cts_archive
chromium/third_party/accessibility-test-framework
chromium/third_party/android_protoc

These would map to the purl spec well, e.g. like so:

pkg:cipd/gn/gn/linux-amd64
pkg:cipd/gn/gn/windows-amd64
pkg:cipd/chromium/android_webview/tools/cts_archive
pkg:cipd/chromium/third_party/accessibility-test-framework
pkg:cipd/chromium/third_party/android_protoc

Including CIPD in the spec as a known type would be valuable as it would make it possible to generate SBOMs for Chromium-based applications, like those built using Electron. Currently there is no way to accurately refer to CIPD packages.

[jupenur]

Some additional notes:

• The default repository is https://chrome-infra-packages.appspot.com/p/
• Package names are case-sensitive
• The OS and architecture of a package is specified with a /<os>-<arch> suffix. For PURL these could alternatively be mapped to qualifiers, like so: pkg:cipd/gn/gn@latest?os=linux&arch=amd64