feat!: (re)move non-standard implementations

[jkowalleck]

This library claims to implement the CycloneDX standard. And it doe.

but it also has some implementation parts that are not standard - they should be moved to the "contrib" area, or removed entirely.

Goal

• move helpers/factories/builders to the "contrib" area
  • feat: Moved non‑standard implementations to Contrib area #916
  • remove the (old) deprecated exports
• remove the usage of external models
  • Compoennt.purl is no longer an instance of PackageUrl but a simple str or instance of string-castable
    • cast to string on normalization
    • downstream users can still use a PackageURL object, if needed ....
    • remove packageurl dependency
    • refactor!: remove packageurl-python dependency #939
  • validation of external standards -like SPDX expressios and such...
  • don't use UUID for bom.serailNumber - this is a string ...
  • tbc...

Motivation:

• have a clean standard implementation, no opinionated fluff, only models and (de)serailization.