feat(spdx_vex): Add support for SPDX VEX format using lib4vex (WIP)#4862

Closed
JigyasuRajput wants to merge 2 commits into ossf:main from JigyasuRajput:feat/spdx-vex-support

Conversation


@JigyasuRajput JigyasuRajput commented Feb 27, 2025

TL;DR: this PR needs work once lib4vex v0.3.0 is available, as discussed in #4716

Description:
This PR aims to add support for the SPDX VEX format using lib4vex. However, the required version (lib4vex 0.3.0) is not yet released.

Current Status:

  • Added the spdx option to the CLI for VEX generation.
  • Implemented error handling for SPDX VEX files.
  • Integrated lib4vex for parsing SPDX VEX and mapped SPDX product info to the tool’s internal format.
  • Updated SBOM detection to identify SPDX VEX files based on content (e.g., spdxVersion and vulnerabilityAnalysis).
  • Added unit tests for SPDX VEX parsing and validation.
  • The implementation requires further work once lib4vex 0.3.0 is available.

Next Steps: (once lib4vex v0.3.0 is available)

  • update the import statements
  • update requirements for lib4vex
  • improve test cases and error handling accordingly
  • add documentation for the same

Marking this as a draft to track progress and get early feedback. Suggestions are welcome!
(WIP) - #4716
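An added example (not cve-bin-tool's or this PR's code) sketching the two mechanisms the description touches: content-based detection of an SPDX VEX document from the spdxVersion and vulnerabilityAnalysis markers named above, and a uniqueness check over an exit-code table like the one discussed in the review comments. The function names, return labels, sample documents and the sample error table are assumptions constructed for the example.

```python
import json
from typing import Optional


def detect_spdx_document_type(text: str) -> Optional[str]:
    """Classify by content, not file name: "spdx_vex" when the document has an
    SPDX version marker and a vulnerabilityAnalysis block, "spdx" for a plain
    SPDX SBOM, None otherwise. Labels are this example's own, not the tool's."""
    try:
        doc = json.loads(text)
    except (TypeError, ValueError):
        return None  # not JSON: let the caller try other format detectors
    if not isinstance(doc, dict):
        return None
    version = doc.get("spdxVersion")
    if not isinstance(version, str) or not version.startswith("SPDX-"):
        return None
    return "spdx_vex" if "vulnerabilityAnalysis" in doc else "spdx"


def duplicate_exit_codes(error_codes: dict) -> dict:
    """Return {code: [names]} for every exit code shared by two or more errors,
    so a collision like the one flagged in review fails a test before shipping."""
    by_code: dict = {}
    for name, code in error_codes.items():
        by_code.setdefault(code, []).append(name)
    return {code: names for code, names in by_code.items() if len(names) > 1}


# Constructed sample documents (not files from the PR).
SPDX_VEX_DOC = json.dumps({
    "spdxVersion": "SPDX-3.0",
    "name": "example-vex",
    "vulnerabilityAnalysis": [{"id": "CVE-XXXX-XXXX", "state": "not_affected"}],
})
SPDX_SBOM_DOC = json.dumps({"spdxVersion": "SPDX-2.3", "name": "example-sbom"})
CYCLONEDX_DOC = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5"})

# Constructed error-code table reproducing the duplicate 33 from the review.
SAMPLE_ERROR_CODES = {
    "UnknownArchiveType": 31,
    "UnknownConfigType": 32,
    "CVEDataMissing": 33,
    "InvalidSpdxError": 33,
}
```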

@JigyasuRajput JigyasuRajput marked this pull request as draft February 27, 2025 13:38

@terriko terriko left a comment


Minor nit while I was quick scanning this to make sure nothing weird would happen if I allowed CI. I haven't actually done a full review but it looks safe to run the tests so I'll trigger those now.

UnknownArchiveType: 31,
UnknownConfigType: 32,
CVEDataMissing: 33,
InvalidSpdxError: 33,
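Review bot: InvalidSpdxError is assigned exit code 33, the same value CVEDataMissing already holds one line above, so a caller or CI job reading the process exit status cannot tell the two failures apart; give the new error the next unused number instead of reusing 33.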

@terriko terriko Feb 27, 2025


Probably just give this a new number for disambiguation from CVEDataMissing above. I don't really have these organized in any way so you can dump it at the bottom and use whatever the next number is.


terriko commented Apr 14, 2025

This has a bunch of linter fails and I'm guessing you've got enough other stuff to work on, so I'm going to close it to help me pare down our open pull request list. Feel free to re-open if you want to work on it again later.

@terriko terriko closed this Apr 14, 2025
