
Feat/bsi2 add signature field #360

Status: Open. Wants to merge 8 commits into base: main

Conversation

viveksahu26 (Collaborator) commented Nov 25, 2024

part of #329

This PR adds support for new BSI:2.0 SBOM fields such as signature. It supports external and internal signature verification.

For the external signature verification:

  • the user needs to provide the SBOM file (without signatures and public key, i.e. a standalone SBOM), the signature file, and the public key file
  • $ go run main.go compliance --bsi-v2 samples/signature-test-data/SPDXJSONExample-v2.3.spdx.json --sig samples/signature-test-data/sbom.sig --pub samples/signature-test-data/public_key.pem

You can also confirm the verification via the openssl tool:

  • $ openssl dgst -sha256 -verify samples/signature-test-data/public_key.pem -signature samples/signature-test-data/sbom.sig samples/signature-test-data/SPDXJSONExample-v2.3.spdx.json

For the internal signature verification:

  • The user needs to provide only the SBOM file. The SBOM must contain the signature and public key.
  • $ go run main.go compliance --bsi-v2 samples/signature-test-data/stree-cdxgen-signed-sbom.cdx.json

NOTE: In this case, just for cross-verification, for now, we write the signature (default file name: extracted_signature.bin), the public key (default file name: extracted_public_key.pem) and the standalone SBOM (default file name: standalone_sbom.json) to the local directory, so that one can also cross-verify it via the openssl tool, like:
$ openssl dgst -sha256 -verify extracted_public_key.pem -signature extracted_signature.bin standalone_sbom.json

This stree-cdxgen-signed-sbom.cdx.json SBOM contains a signature and public key. So, sbomqs internally extracts the signature and public key into files, and also extracts the standalone SBOM by removing the signature section, and then verifies it.

@viveksahu26 viveksahu26 force-pushed the feat/bsi2_add_signature_field branch 2 times, most recently from c1922c5 to 15235a5 on November 27, 2024 15:48
@viveksahu26 viveksahu26 force-pushed the feat/bsi2_add_signature_field branch from 15235a5 to df07d66 on November 28, 2024 06:33