feat!: (re)move non-standard implementations

[jkowalleck]

This library claims to implement the CycloneDX standard. And it does.

but it also has some implementation parts that are not standard - they should be moved to the "contrib" area, or removed entirely.

Goal

• move helpers/factories/builders to the "contrib" area
  • refactor: move every implementation that does not implement the standard to sub-namespace "contrib" #1344
  • feat: Moved non‑standard implementations to Contrib area #1343
  • remove deprecated re-exports #1346
• remove the usage of external models
  • Compoennt.purl is no longer an instance of PackageUrl but a simple str or instance of string-castable
    • cast to string on normalization
    • downstream users can still use a PackageURL object, if needed ....
    • remove packageurl dependency
    • via feat!: Component.purl as string #1379
  • validation of external standards -like SPDX expressions and such...
    • SPDX Expression validator becomes an injectable runtime dependency
    • dependency itself becomes an optoinal peer dependency
    • via feat!: remove spdx expression validation #1382
  • tbc...
• remove the usage of non-canonical factories and builders
  • ...PackageUrlFactory - via feat!: remove package url factory #1378

Motivation:

• have a clean standard implementation, no opinionated fluff, only models and (de)serailization.