Add Component Type Unknown to handle some accidental cases

[VictorHuu]

Why is it essential ?

some SBOM Generator like Syft only support identifying limited number of Component Types like File,Image ,&c currently. But there are many types like framework beyond the capacity of Syft. So for accuracy , an unknown type is required. Don't worry it will compromise the standard of Cyclone DX , since we have to tackle some weird edge cases when it comes to the implementation.

Fixes #229

[VictorHuu]

@nscuro Sorry to bother you , could you review the PR if you are available ? I know there are a lot of more important repos for you to maintain, so I am wondering whether this repo is out of regular maintenance. Arguments about the PR is quite sufficient.

[mcombuechen]

@VictorHuu I think this should be brought up with the specification committee first: https://github.com/CycloneDX/specification/issues

"unknown" is not part of the official enum of component types for CycloneDX. Mind you, this is the Go implementation of the schema, but there are others (JavaScript, .NET, ...) that would need a similar addition once this would make it into the spec.

[VictorHuu]

@mcombuechen Hi, I've attempted to file an issue in the spec, but it was rejected.Here's the thing: this repo is just a Cyclone DX utility written in Go for an SBOM not for a Go project( the very project should be cyclonedx-gomod). So there's no loss of generalisation. Anyway, modifying the spec is way more costly.

[nscuro]

CycloneDX/specification#627 (comment)