Rearchitect to Object-Oriented Design #41

Merged
merged 3 commits into from
Jan 15, 2023

Collaborator

@jspeed-meyers jspeed-meyers commented Jan 13, 2023

Fix #39
Fix #37
Fix #25

I know this is a large PR. :sigh: Hopefully you have a cup of coffee and also see why the design is more useful :)

The key changes are:

  • All functionality is now object-oriented.
  • The tests test the attributes of the object.
  • Many tests were removed since there was no obvious test of functionality.
  • New output printing style

Again, I apologize for such a large PR. But I believe development velocity will be faster in the future if the codebase uses this object-oriented approach. Example #1: The new print mode is easy to implement thanks to the object-oriented approach. In fact, I struggled to even think about how to implement this mode without the re-architecture.

Example of new print output mode:

> python main.py --file missing_author_name/SPDXJsonExample.json               

Is this SBOM NTIA minimum element conformant? False

Individual elements                            | Status
-------------------------------------------------------
All component names provided?                  | True
All component versions provided?               | True
All component identifiers provided?            | True
All component suppliers provided?              | True
SBOM author name provided?                     | False
SBOM creation timestamp provided?              | True
Dependency relationships provided?             | True

Example of print output with -v verbose flag. I think this will be useful for the online SPDX tools web app.

> python3 main.py --verbose --file missing_supplier_name/SPDXJsonExample.json 

Is this SBOM NTIA minimum element conformant? False

Individual elements                            | Status
-------------------------------------------------------
All component names provided?                  | True
All component versions provided?               | True
All component identifiers provided?            | True
All component suppliers provided?              | False
SBOM author name provided?                     | True
SBOM creation timestamp provided?              | True
Dependency relationships provided?             | True

Components missing an supplier: glibc

And the JSON output is slightly modified so that the componentNames data fields are the same as the other component data fields (this change was also easy due to the new re-architecture):

python main.py --file missing_supplier_name/SPDXJsonExample.json --output json | jq .
{
  "sbomName": "SPDX-Tools-v2.0",
  "componentNames": {
    "nonconformantComponents": [],
    "allProvided": true
  },
  "componentVersions": {
    "nonconformantComponents": [],
    "allProvided": true
  },
  "componentIdentifiers": {
    "nonconformantComponents": [],
    "allProvided": true
  },
  "componentSuppliers": {
    "nonconformantComponents": [
      "glibc"
    ],
    "allProvided": false
  },
  "authorNameProvided": true,
  "timestampProvided": true,
  "dependencyRelationshipsProvided": true,
  "isNtiaConformant": false
}

Also, bonus: I found and squashed a bug. The nonconformantComponents list data structures were not storing the package name as intended. They now do store the package names.
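
An added example, not part of the original PR or the project's code: a small CI gate that consumes the JSON report shown above and lists which minimum elements are unmet. The report keys are taken from that output; the function names `find_gaps` and `gate` and the fail-closed policy are assumptions of this example.

```python
import json

# The JSON report from the PR description above, compacted onto fewer lines.
SAMPLE_REPORT = """{
  "sbomName": "SPDX-Tools-v2.0",
  "componentNames": {"nonconformantComponents": [], "allProvided": true},
  "componentVersions": {"nonconformantComponents": [], "allProvided": true},
  "componentIdentifiers": {"nonconformantComponents": [], "allProvided": true},
  "componentSuppliers": {"nonconformantComponents": ["glibc"], "allProvided": false},
  "authorNameProvided": true, "timestampProvided": true,
  "dependencyRelationshipsProvided": true, "isNtiaConformant": false
}"""

# Report keys as they appear in the output above, mapped to readable labels.
COMPONENT_CHECKS = {
    "componentNames": "component name",
    "componentVersions": "component version",
    "componentIdentifiers": "component identifier",
    "componentSuppliers": "component supplier",
}
DOCUMENT_CHECKS = {
    "authorNameProvided": "SBOM author name",
    "timestampProvided": "SBOM creation timestamp",
    "dependencyRelationshipsProvided": "dependency relationships",
}

def find_gaps(report):
    """Return one message per unmet minimum element (hypothetical helper)."""
    gaps = []
    for key, label in COMPONENT_CHECKS.items():
        section = report.get(key)
        if not isinstance(section, dict):
            gaps.append(f"{label}: section missing from report")
        elif section.get("allProvided") is not True:
            names = section.get("nonconformantComponents") or ["<unnamed>"]
            gaps.append(f"{label}: missing for {', '.join(map(str, names))}")
    for key, label in DOCUMENT_CHECKS.items():
        if report.get(key) is not True:
            gaps.append(f"{label}: not provided")
    return gaps

def gate(report_text):
    """Fail closed: pass only if the summary flag and every detail agree."""
    report = json.loads(report_text)
    gaps = find_gaps(report)
    summary_ok = report.get("isNtiaConformant") is True
    if summary_ok and gaps:
        gaps.append("isNtiaConformant is true but individual checks failed")
    return (summary_ok and not gaps), gaps

if __name__ == "__main__":
    ok, problems = gate(SAMPLE_REPORT)
    print("PASS" if ok else "FAIL", *problems, sep="\n")
```

Checking the detail fields as well as `isNtiaConformant` means a truncated or hand-edited report cannot pass on the summary flag alone.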

Use new object-oriented structure. Additionally, remove a number
of tests that don't seem to be performing testing.

Signed-off-by: John Speed Meyers <jsmeyers@chainguard.dev>
Use correct paths and file names

Signed-off-by: John Speed Meyers <jsmeyers@chainguard.dev>
Signed-off-by: John Speed Meyers <jsmeyers@chainguard.dev>
@jspeed-meyers jspeed-meyers added the enhancement New feature or request label Jan 13, 2023
@jspeed-meyers jspeed-meyers self-assigned this Jan 13, 2023
@jspeed-meyers jspeed-meyers changed the title from "Rearchitecture to Object-Oriented Design" to "Rearchitect to Object-Oriented Design" Jan 13, 2023
Member

@goneall goneall left a comment

Thanks @jspeed-meyers - Looks good to me - with the usual caveat that I have limited expertise in Python. The overall structure looks good, should be easy to maintain.

@jspeed-meyers
Collaborator Author

Thank you, @goneall! I really appreciate your many, many PR reviews.

@jspeed-meyers jspeed-meyers merged commit 2094fde into spdx:main Jan 15, 2023
@jspeed-meyers jspeed-meyers deleted the rearchitecture branch January 15, 2023 13:54