Support for both the v1.5 component evidence `identity` and the v1.6 array of `componentIdentityEvidence`

[mrutkows]

TODO: figure out how to support both the v1.5 "Identity" type (a singleton of an anonymous type) vs. the v1.6 "identity" which is an array of named type (i.e., componentIdentityEvidence):

type CDXComponentEvidence struct {
    Licenses  *[]CDXLicense   `json:"licenses,omitempty" cdx:"added:1.3"`
    Copyright *[]CDXCopyright `json:"copyright,omitempty" cdx:"added:1.3"`
    Identity  interface{}     `json:"identity,omitempty" cdx:"added:1.5,changed:1.6"`
...
}

where these struct types would be referenced:

type CDXComponentIdentityEvidence struct {
    Field      string       `json:"field,omitempty" cdx:"added:1.5"`
    Confidence float64      `json:"confidence,omitempty" cdx:"added:1.5"`
    Methods    *[]CDXMethod `json:"methods,omitempty" cdx:"added:1.5"`
    Tools      *[]string    `json:"tools,omitempty" cdx:"added:1.5"`
}

// v1.5: added
type CDXMethod struct {
    Technique  string  `json:"technique,omitempty" cdx:"added:1.5"`
    Confidence float64 `json:"confidence,omitempty" cdx:"added:1.5"`
    Value      string  `json:"value,omitempty" cdx:"added:1.5"`
}

[mrutkows]

See issue https://github.com/CycloneDX/sbom-utility/issues/91

for a similar problem...

[mrutkows]

Note: we need to create a custom marshaler as had to done with "Tools" like below:

    // v1.5 allows tools to be either an array of (legacy) tool object or a new tool object
    // TODO: author test for legacy (array) object vs. new tool object
    if IsInterfaceASlice(value.Tools) {
        arrayTools, ok := value.Tools.([]CDXLegacyCreationTool)
        if ok && len(arrayTools) > 0 {
            temp["tools"] = arrayTools
        }
    } else {
        tools, ok := value.Tools.(CDXCreationTools)
        if ok {
            temp["tools"] = tools
        }
    }