feat: bom.vulnerabilities data models and enums

[jkowalleck]

Add Vulnerabilties to the BOM model, including ENUMs as needed.

new models & ENUMs are marked as @beta - they are ready for usage and feedback, but might change without further notice.

---

this is part of #164

---

checklist:

• pull contributed models from bom.vulnerabilities model #163
• update branch - merge in latest master
• get the coding styles applied
• fix various compile errors
• remove all those compare() methods from the contributed models. it has no effect, unless it comes to reproducible normalization.
• review contributed models & ENUMs for plausibility, schema compliance JSON/XML, etc
• sort out if we have a problem here: [BUG] VulnerabilityReference contradicting definition in JSON and XML specification#154
• fix contributed ENUMs
  • design: move new ENUMs in an own namespace and strip this prefix
  • if needed: add docs/comments to ENUMs based on schema annotations
• fix contributed models
  • design: move models in an own namespace and strip this prefix
  • rename those OptionalProperties interfaces to purpose and have them exported - according to latest API architecture
  • if needed: add docs/comments to interfaces, type, classes and properties - based on schema annotations
  • all repositories default to an instance - they must not be nullable
  • find the usage of contributed VulnerabilityAffectsVersion
  • find the usage of contributed VulnerabilityAffectsRange
• review contributed tests
• have working and running functional tests for the ENUMs
• have working and running REASONABLE tests for the models
• mark all new ENUMs and models as @beta
• write HISTOY
• update REAMDE - annotate models that are not yet normalizable.
• 🏁 merge