feat: adopt proper handling of npm manifest repository #1119

@jkowalleck

Description

https://github.com/CycloneDX/cyclonedx-node-npm/releases/edit/v1.19.2 introduced a fix:

CycloneDX externalReferences for vcs type (#1198 via #1202)

This was a quick fix to a larger problem: the npm manifest's "repository" field is not guaranteed to be a URL.
See https://docs.npmjs.com/cli/v10/configuring-npm/package-json#repository:

The URL should be a publicly available (perhaps read-only) URL that can be handed directly to a VCS program without any modification.

So valid values could be like git@gitlab.example.com:user/project.git.

The shortcuts with alternative protocols (github:, gitlab:, etc.) are out of scope; they are expected to be normalized before processing.
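As an added example (not the project's own code), this is how such a "repository" value can be handled: the shortcut syntaxes above are rejected so they get normalized first, git's scp-like "[user@]host:path" syntax is rewritten into the equivalent ssh:// URL, and anything the WHATWG URL parser accepts passes through unchanged. The function name, the two regexes and the ssh:// rewrite are this example's own assumptions; note that in Node, `new URL('git@gitlab.example.com:user/project.git')` throws, which is why a URL-only check is not enough.

```javascript
// Added example (not cyclonedx-node-npm's own code): turn the npm manifest
// `repository` field into a URL usable for a CycloneDX externalReference of
// type "vcs". The field may be a string or { type, url, directory }, and the
// string is not guaranteed to be a URL: git's scp-like "[user@]host:path"
// syntax is valid there too and makes `new URL()` throw.

// Shortcut syntaxes that npm expands itself: out of scope here, they must be
// normalized before this function is called.
const SHORTCUT = /^(?:github|gitlab|bitbucket|gist):/i;

// scp-like syntax: "[user@]host:path" where the path does not start with "/",
// which is what distinguishes it from "scheme://..." URLs.
const SCP_LIKE = /^(?:(?<user>[^@/:]+)@)?(?<host>[^@:/]+):(?<path>[^/].*)$/;

function repositoryToVcsUrl(repository) {
  // package.json allows either a plain string or an object with a `url` key
  const raw = typeof repository === 'string'
    ? repository
    : (repository && typeof repository.url === 'string') ? repository.url : undefined;
  if (!raw) {
    return undefined;
  }
  if (SHORTCUT.test(raw)) {
    throw new Error(`shortcut repository syntax must be normalized first: ${raw}`);
  }
  const scp = SCP_LIKE.exec(raw);
  if (scp !== null) {
    // Rewrite to the equivalent ssh:// URL so the value is a real URI.
    // Assumption: the path is rooted at the server, as hosted forges do.
    const { user, host, path } = scp.groups;
    return `ssh://${user ? `${user}@` : ''}${host}/${path}`;
  }
  try {
    return new URL(raw).href; // https://, git://, git+ssh://, ssh:// ...
  } catch {
    return undefined; // neither a URL nor scp-like: nothing to reference
  }
}
```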