feat: upgrade CycloneDX lib 10.0.0

[jkowalleck]

Description

• Fixed
  • Qualified PackageURLs
• Changed
  • Take care of PackageURL generation ourselves, now
    Previously, this was done at best-effort by a 3rd-party library.
• Dependencies
  • Upgraded runtime-dependency @cyclonedx/cyclonedx-library@^10.0.0 now, was @^9.2.0
  • Added runtime-dependency packageurl-js@^2.0.1
  • Added runtime-dependency spdx-expression-parse@^3.0.1||^4.0.0

Resolves or fixes issue:

AI Tool Disclosure

• My contribution does not include any AI-generated content
• My contribution includes AI-generated content, as disclosed below:
  • AI Tools: [e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]
  • LLMs and versions: [e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]
  • Prompts: [Summarize the key prompts or instructions given to the AI tools]

Affirmation

• My code follows the CONTRIBUTING.md guidelines

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ -0.04%	✅ 95.08% (target: 80.00%)

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (dd6c795)	760	711	93.55%
Head commit (48822fc)	863 (+103)	807 (+96)	93.51% (-0.04%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#1503)	183	174	95.08%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences