Use `SPDX` package relationships to filter out the project added a dependency

[ejortega]

In SPDX documents, it's possible to have a self-descriptive structure where the document describes itself as a package. This change uses the package relationships to remove that package from the list. Also fixed an issue where parsing certain text files with additional package info causes the parsing to fail.

Closes https://github.com/phylum-dev/cli/issues/1381 Cloess https://github.com/phylum-dev/cli/issues/1382

Checklist

• [x] Does this PR have an associated issue (i.e., closes #<issueNum> in description above)?
• [x] Have you ensured that you have met the expected acceptance criteria?
• [x] Have you created sufficient tests?
• [x] Have you updated all affected documentation?
• [x] Have you updated CHANGELOG.md (or extensions/CHANGELOG.md), if applicable