
Clarify whether the `type` should be required to be a "known" type or whether it can be an arbitrary field

Open jamietanna opened this issue 6 months ago • 4 comments

I've been playing around with GitHub's Dependency Submission API, which consumes pURL(s).

However, as noted here and in https://github.com/anchore/syft/issues/1622, it appears that GitHub's support for pURL type fields has some validation, looking for "known" pURLs, rather than allowing arbitrary types.

For instance, if we use packageurl-go, the pURL pkg:mix/req@~%3E%200.3 parses correctly:

package main

import (
	"fmt"
	"log"

	"github.com/package-url/packageurl-go"
)

func main() {
	// "~%3E%200.3" is the percent-encoded version requirement "~> 0.3".
	s := "pkg:mix/req@~%3E%200.3"
	fmt.Printf("s: %v\n", s)
	// FromString parses the purl grammar; it returns no error for type "mix".
	p, err := packageurl.FromString(s)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("p.Type: %v\n", p.Type)
	fmt.Printf("p.Name: %v\n", p.Name)
	fmt.Printf("p.Version: %v\n", p.Version)
}

Clarification on this issue would allow raising this to GitHub as a defect, if it is one.

jamietanna avatar Jan 15 '24 11:01 jamietanna
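To make the distinction the issue is asking about concrete, here is an added example (not code from the issue author, packageurl-go, or the purl-spec project) of the two validation policies side by side: a lenient parser that only enforces the lexical rule for the `type` component from the spec (ASCII letters, digits, `.`, `_`, `-`, not starting with a digit, lowercased), and a strict variant that additionally rejects any type not in a registered list. The `knownTypes` map is a constructed subset of PURL-TYPES.md for illustration only, and the parser deliberately ignores qualifiers and subpath. With it, `pkg:mix/req@~%3E%200.3` parses leniently (type `mix`, name `req`, version `~> 0.3`) but fails the strict check, which is the behaviour the issue attributes to the Dependency Submission API.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// PURL holds the components this example extracts from
// pkg:type/namespace/name@version (qualifiers and subpath are dropped).
type PURL struct {
	Type, Namespace, Name, Version string
}

// knownTypes is a constructed, illustrative subset of the registered types in
// the spec's PURL-TYPES.md; it is an assumption of this example, not the
// authoritative list.
var knownTypes = map[string]bool{
	"cargo": true, "gem": true, "golang": true, "hex": true,
	"maven": true, "npm": true, "pypi": true,
}

// typeRe encodes the spec's lexical rule for the type component:
// ASCII letters, digits, period, underscore and dash, not starting with a digit.
var typeRe = regexp.MustCompile(`^[A-Za-z._-][A-Za-z0-9._-]*$`)

// ErrUnknownType is returned by ParseStrict for a lexically valid but unregistered type.
var ErrUnknownType = errors.New("purl: unknown type")

// Parse is the lenient policy: any type that satisfies the grammar is accepted.
func Parse(s string) (PURL, error) {
	if !strings.HasPrefix(s, "pkg:") {
		return PURL{}, errors.New("purl: missing pkg: scheme")
	}
	rest := s[len("pkg:"):]
	// Strip subpath and qualifiers; they are irrelevant to the type question.
	if i := strings.IndexByte(rest, '#'); i >= 0 {
		rest = rest[:i]
	}
	if i := strings.IndexByte(rest, '?'); i >= 0 {
		rest = rest[:i]
	}
	rest = strings.TrimLeft(rest, "/")
	slash := strings.IndexByte(rest, '/')
	if slash < 0 || slash == len(rest)-1 {
		return PURL{}, errors.New("purl: missing type or name")
	}
	// The spec says type is case-insensitive with lowercase as the canonical form.
	typ := strings.ToLower(rest[:slash])
	rest = rest[slash+1:]
	if !typeRe.MatchString(typ) {
		return PURL{}, fmt.Errorf("purl: invalid type %q", typ)
	}
	p := PURL{Type: typ}
	// The version follows the last '@'; an encoded %40 is not a separator.
	if at := strings.LastIndexByte(rest, '@'); at >= 0 {
		v, err := url.PathUnescape(rest[at+1:])
		if err != nil {
			return PURL{}, fmt.Errorf("purl: bad version encoding: %w", err)
		}
		p.Version = v
		rest = rest[:at]
	}
	// Percent-decode each path segment separately, then split name from namespace.
	segs := strings.Split(rest, "/")
	for i, seg := range segs {
		dec, err := url.PathUnescape(seg)
		if err != nil {
			return PURL{}, fmt.Errorf("purl: bad path encoding: %w", err)
		}
		segs[i] = dec
	}
	p.Name = segs[len(segs)-1]
	if p.Name == "" {
		return PURL{}, errors.New("purl: empty name")
	}
	p.Namespace = strings.Join(segs[:len(segs)-1], "/")
	return p, nil
}

// ParseStrict is the strict policy: Parse plus a registered-type check.
func ParseStrict(s string) (PURL, error) {
	p, err := Parse(s)
	if err != nil {
		return PURL{}, err
	}
	if !knownTypes[p.Type] {
		return PURL{}, fmt.Errorf("%w: %q", ErrUnknownType, p.Type)
	}
	return p, nil
}

func main() {
	s := "pkg:mix/req@~%3E%200.3"
	p, err := Parse(s)
	fmt.Printf("lenient: %+v err=%v\n", p, err)
	_, err = ParseStrict(s)
	fmt.Printf("strict:  err=%v\n", err)
}
```

The point of keeping `ErrUnknownType` distinct from the grammar errors is that a consumer can tell "this purl is malformed" apart from "this purl is well-formed but uses a type I have not registered", which is exactly the line the issue asks the spec to draw.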