Gather local pod info

[macblazer]

Fixes #11

Reading all of the information from a local pod's .podspec file. Writing the information to the bom did not have to change since it is in the same format as standard pods.

I added the file_name purl qualifier for local pods. The reason I did this is that the purl specification says

file_name is an extra file name of a package archive.

Without this extra designation there is no way to tell a local pod from a pod in the default CocoaPods repository list. Here is a made up example of two different CocoaPods purls without the file_name qualifier for a local pod:

pkg:cocoapods/GzipSwift@4.1.0  # this is available for download from the default CocoaPods listings
pkg:cocoapods/MyLocalPod@0.0.10 # this is a local-only pod; how would you know?

Now the same thing with the file_name qualifier:

pkg:cocoapods/GzipSwift@4.1.0
pkg:cocoapods/MyLocalPod@0.0.10?file_name=.%2Fincubator%2FMyLocalPod

By adding the file_name qualifier it is very easy to understand that the local pod is local and within a folder named ./incubator/MyLocalPod in the local project.

[macblazer]

Hm. I will fix my commit messages on the existing commits, and also add some info about this DCO "sign off" messaging to the "contributing" section of the readme.

[macblazer]

I have found a simpler way to gather the information for all pods that are not distributed by a standard CocoaPods repository, and will be opening a different PR today.