Conversation

@zvigrinberg
Contributor

Description

For gradle component analysis, if in the manifest an artifact is specified twice, once with a version and a second time without a version, then it is generated like that in the SBOM, which is a duplicate (the fix filters out the artifact that doesn't contain a version).

Checklist

  • I have followed this repository's contributing guidelines.
  • I will adhere to the project's code of conduct.

Additional information

build.gradle:

dependencies {
    implementation "log4j:log4j:1.2.17"
    implementation group: 'log4j', name: 'log4j'
}

generated sbom

[
     {
            "group": "log4j",
            "name": "log4j",
            "version": "1.2.17",
            "purl": "pkg:maven/log4j/log4j@1.2.17",
            "type": "library",
            "bom-ref": "pkg:maven/log4j/log4j@1.2.17"
     },
     {
            "group": "log4j",
            "name": "log4j",
            "purl": "pkg:maven/log4j/log4j",
            "type": "library",
            "bom-ref": "pkg:maven/log4j/log4j"
     }
]

The generated SBOM for component analysis should only contain the log4j with the version, and with the subjected fix it becomes as required:

[
     {
            "group": "log4j",
            "name": "log4j",
            "version": "1.2.17",
            "purl": "pkg:maven/log4j/log4j@1.2.17",
            "type": "library",
            "bom-ref": "pkg:maven/log4j/log4j@1.2.17"
     }
]

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
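The collapsing behaviour described above, as an added example that is not part of this PR or the project's own code: it deduplicates a CycloneDX-style component list by group and name, preferring the versioned entry. It goes one step beyond the fix described here by keeping an unversioned artifact when no versioned twin exists at all, so a dependency is never silently dropped from the SBOM; the input shape is assumed to match the component entries shown in the description.

```javascript
// Added example (not the project's code): collapse duplicate Gradle artifacts
// in a CycloneDX-style component list, keeping the versioned entry.
function dedupeComponents(components) {
  const byKey = new Map(); // "group:name" -> chosen component
  for (const c of components) {
    const key = `${c.group}:${c.name}`;
    const existing = byKey.get(key);
    if (!existing) {
      byKey.set(key, c);
      continue;
    }
    // A versioned entry always replaces an unversioned one for the same
    // coordinates; an unversioned duplicate of a versioned entry is dropped.
    if (!existing.version && c.version) byKey.set(key, c);
  }
  return [...byKey.values()];
}

// Defender-side check: list components that still lack a version after
// deduplication, since those cannot be matched against vulnerability data.
function unversionedComponents(components) {
  return dedupeComponents(components)
    .filter((c) => !c.version)
    .map((c) => `${c.group}:${c.name}`);
}

// Constructed sample mirroring the two entries from the PR description.
const sampleComponents = [
  {
    group: "log4j", name: "log4j", version: "1.2.17",
    purl: "pkg:maven/log4j/log4j@1.2.17", type: "library",
    "bom-ref": "pkg:maven/log4j/log4j@1.2.17",
  },
  {
    group: "log4j", name: "log4j",
    purl: "pkg:maven/log4j/log4j", type: "library",
    "bom-ref": "pkg:maven/log4j/log4j",
  },
];
```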
@zvigrinberg
Contributor Author

Skipped IT for golang and approved this PR, as they are temporarily not working due to an issue in EXHORT Backend (regardless of which packages are in the go.mod manifest (vulnerable or not), exhort doesn't return vulnerability data).

@zvigrinberg zvigrinberg merged commit 45a6bf2 into main Apr 30, 2024
@zvigrinberg zvigrinberg deleted the hotfix/fix-gradle-ca-no-ver branch April 30, 2024 12:34