strip unnecessary PURL qualifiers #204
Description
based on CycloneDX/cyclonedx-node-npm#90
the PURL qualifiers crated from the factories/builders
should not include download_url it this is based on the default package registry registry.npmjs.org as this would be information of no additional value and just make the PURL longer.
The addition of vcs_url has no value if the package stems from the original package registry in the first place,
it should be added only if no download_url existed at all.