feat: more efficient detection of advisory formats

[jcrossley3]

Fixes #257

We only parse the documents enough to detect the fields identifying the format. We no longer parse a doc just to determine its format, so errors due to invalid data will be tossed downstream.

[ctron]

jsn looks cool!

[bobmcwhirter]

I guess... discover what versions the auto-detect can detect (maybe we need more detection for CycloneDX 1.3 vs 1.4 for instance) and then wordsmith up something.

[bobmcwhirter]

No I'm certain it's only a subset currently. But we should do all. And detect versions appropriately if required.