Bug: Package FilesAnalyzed field does not behave according to spec

[ianling]

Per the spec, if the FilesAnalyzed field is absent from a document, that should be interpreted as FilesAnalyzed: true.

Unfortunately, for the JSON and YAML parsers/savers, this was missed, so if they are absent, they default to false.

Additionally, the zero/empty value of a boolean in Go is false, and the FilesAnalyzed field's JSON tag contains omitempty, so we are unable to write out the FilesAnalyzed field to a file if it is false; it will simply be omitted, which results in other things (like the online SPDX validator tool) interpreting it as true.

We should change this field to a pointer to denote that it can be absent, and also make sure that we handle that case properly by interpreting it as true across all the different file parsers.

[ianling]

I am handling this

[swinslow]

Thanks @ianling. For what it's worth, the way I addressed this in the original tag-value code and SPDX model for the Golang tools was to add a second parameter, IsFilesAnalyzedTagPresent:

https://github.com/spdx/tools-golang/blob/a532726dbb7a38d0f714075e9a1f1df4cae60230/spdx/package.go#L139-L143

Then, when parsing a document and encountering a new Package section, the default settings for that new Package are:

https://github.com/spdx/tools-golang/blob/a532726dbb7a38d0f714075e9a1f1df4cae60230/tvloader/parser2v2/parse_package.go#L27-L30

which then gets overwritten only if a FilesAnalyzed tag actually appears:

https://github.com/spdx/tools-golang/blob/a532726dbb7a38d0f714075e9a1f1df4cae60230/tvloader/parser2v2/parse_package.go#L95-L101

Happy to modify this if there's a more appropriate way to handle, especially given how the JSON / YAML tooling will have to handle this.