Refactoring of scores

[tschmidtb51]

The current version of scores doesn't reflect the relationship between the list of products and (CVSS-) scores correctly. I suggest the following changes:

• define an object which contains: "products", "cvss_v20", "cvss_v30", "cvss_v31"
• make "products" required (This reduces complexity: An implicit score applies for all products is not longer allowed - there is explicitly specified to which products this score belongs.)
• set "minItems" as 2 ("products" and one score)
• add an editorial remark like: 'Should use "cvss_v31". "cvss_v20" will be deprecated in CSAF 2.1/ further versions'

[sthagen]

Hint to readers of this issue: Discussion is ongoing during review in the corresponding PR #130