Add support for generating optionality based on the maven dependency configuration #314

Closed
knrc opened this issue Mar 16, 2023 · 1 comment


knrc commented Mar 16, 2023

The current codebase derives the scope of a component through bytecode analysis; however, this has problems in that it

  • differs from Maven's view of what is optional (non-intuitive)
  • can change depending on which projects have been built (classes need to exist)
  • doesn't handle artifact relocations

We would like the ability to define optionality based on whether Maven determines the artifact to be optional, i.e. through the dependency resolution process rather than bytecode inspection.

@hboutemy I have something working for this, just waiting on the conclusion of #306 and for other PRs to be submitted.

@norrisjeremy FYI


hboutemy commented Mar 22, 2023

Maven "optional" is a boolean field on a dependency with one semantics = https://maven.apache.org/ref/3.9.1/maven-model/maven.html#class_dependency
CycloneDX "optional" is one value (with "required" and "excluded") of component scope field with different semantics = https://cyclonedx.org/docs/1.4/json/#components_items_scope
(CycloneDX scope not to be confused with Maven dependency scopes=runtime/compile/test/provided which are a completely different thing)

each time we use a term, we must clarify which world we are referring to: #312

but yes, the way SBOM scope=optional detection has been implemented in #65 does not make me feel that it's the usually expected behaviour
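The three fields distinguished in the comment above, shown side by side as an added example (not code from cyclonedx-maven-plugin or from either commenter). The POM is constructed, and the mapping from Maven's `optional` flag to the CycloneDX `scope` value is an assumption about what the issue requests:

```python
import json
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM (not taken from the plugin's repository).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>core</artifactId>
      <version>2.1</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>yaml-support</artifactId>
      <version>0.9</version><optional>true</optional></dependency>
    <dependency><groupId>org.example</groupId><artifactId>servlet-api</artifactId>
      <version>4.0</version><scope>provided</scope></dependency>
  </dependencies>
</project>"""


def _text(dep, tag, default):
    """Child element text, falling back to Maven's default when absent or empty."""
    return (dep.findtext(f"m:{tag}", default, NS) or default).strip()


def declared_dependencies(pom_xml):
    """Yield declared dependencies with the two independent Maven fields."""
    root = ET.fromstring(pom_xml)
    for dep in root.findall("m:dependencies/m:dependency", NS):
        yield {
            "group": _text(dep, "groupId", ""),
            "name": _text(dep, "artifactId", ""),
            "version": _text(dep, "version", ""),
            "maven_scope": _text(dep, "scope", "compile"),  # Maven dependency scope
            "maven_optional": _text(dep, "optional", "false").lower() == "true",
        }


def to_cyclonedx_component(dep):
    """Assumed mapping: only Maven's optional flag drives the CycloneDX scope."""
    return {
        "type": "library",
        "purl": f"pkg:maven/{dep['group']}/{dep['name']}@{dep['version']}",
        # CycloneDX component scope: "required", "optional" or "excluded"
        "scope": "optional" if dep["maven_optional"] else "required",
    }


if __name__ == "__main__":
    for d in declared_dependencies(SAMPLE_POM):
        print(d["maven_scope"], json.dumps(to_cyclonedx_component(d)))
```

This reads declared dependencies only; the issue asks for the value Maven produces through dependency resolution, which is not reproduced here.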

knrc added a commit to knrc/cyclonedx-maven-plugin that referenced this issue May 4, 2023
Signed-off-by: Kevin Conner <kev.conner@gmail.com>
knrc added a commit to knrc/cyclonedx-maven-plugin that referenced this issue May 6, 2023
Signed-off-by: Kevin Conner <kev.conner@gmail.com>