
add sbomasm as a tool for spdx and cyclonedx #120

Merged

Conversation

viveksahu26
Contributor

@viveksahu26 viveksahu26 commented Dec 4, 2024

closes #115

This PR fixes 2 things

1. adds sbomasm as a tool for the following cases:

  • when an SBOM is edited for any subject: document, primary-component, component-name-version.

  • If the subject is a document, the following cases are possible:

    • provide tools (other tools except sbomasm) explicitly
      • In this case, the sbomasm tool is not provided. For example:
      $ go run main.go edit  --subject document --tool 'trivy (0.56.1)'  --tool 'parlay (0.5.1)' --tool 'bomctl (v0.4.1)'  photon.spdx.json --output photon-default.spdx.json
      
    • provide tools explicitly together with sbomasm, for a different version or the same version
      • in this case, sbomasm is provided via the --tool flag for a different version
      $ go run main.go edit  --subject document --tool 'trivy (0.56.1)'  --tool 'parlay (0.5.1)' --tool 'bomctl (v0.4.1)'  --tool 'sbomasm (v2.4.2)'  photon-default.spdx.json --output photon-default-newVersion.spdx.json
      

    NOTE: The default version of sbomasm is 0.1.9.

2. Fix duplicate tools.

For example:

An SBOM photon1.spdx.json containing these tools:

 "creationInfo": {
  "licenseListVersion": "3.19",
  "creators": [
   "Tool: tern-b8e13d1780cd3a02204226bba3d0772d95da24a0",
   "Tool: trivy-0.56.1",
   "Tool: parlay-0.5.1",
   "Tool: bomctl-v0.4.1"
  ],
  "created": "2023-01-12T22:06:03Z"
 },

On executing this command, the photon2.spdx.json SBOM comes up with duplicate tools:
$ sbomasm edit -a --subject document --tool 'trivy (0.56.1)' --tool 'parlay (0.5.1)' --tool 'bomctl (v0.4.1)' photon1.spdx.json --output photon2.spdx.json

 "creationInfo": {
  "licenseListVersion": "3.19",
  "creators": [
   "Tool: tern-b8e13d1780cd3a02204226bba3d0772d95da24a0",
   "Tool: trivy-0.56.1",
   "Tool: parlay-0.5.1",
   "Tool: bomctl-v0.4.1",
   "Tool: trivy-0.56.1",
   "Tool: parlay-0.5.1",
   "Tool: bomctl-v0.4.1"
  ],
  "created": "2023-01-12T22:06:03Z"
 },

This PR resolves the duplicate tools for both cases, missing as well as append.

Signed-off-by: Vivek Kumar Sahu <[email protected]>
Signed-off-by: Vivek Kumar Sahu <[email protected]>
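The two behaviours the PR describes for the document subject, parsing `--tool 'name (version)'` into an SPDX `Tool: name-version` creator entry, merging it into the existing `creators` list without duplicates, and adding sbomasm at the default version 0.1.9 unless the user passed sbomasm through `--tool`, can be shown in a few lines of Go. The following is an added illustration written for this page, not sbomasm's own code: the function names `ParseToolFlag` and `MergeCreators`, the constant `defaultSbomasmVersion` and the regular expression are assumptions, and only the append case is modelled (the "missing" mode is not). The sample creators list is the one from the photon1.spdx.json snippet above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// defaultSbomasmVersion is written when the caller does not pass sbomasm via --tool.
// The value comes from the PR note; the constant name is an assumption of this example.
const defaultSbomasmVersion = "0.1.9"

// toolFlagRe matches the --tool value syntax used in the PR, e.g. "trivy (0.56.1)".
var toolFlagRe = regexp.MustCompile(`^\s*([^\s(]+)\s*\(([^)]+)\)\s*$`)

// ParseToolFlag turns "name (version)" into the SPDX creator string "Tool: name-version".
func ParseToolFlag(flag string) (string, error) {
	m := toolFlagRe.FindStringSubmatch(flag)
	if m == nil {
		return "", fmt.Errorf("invalid --tool value %q, want 'name (version)'", flag)
	}
	return "Tool: " + m[1] + "-" + m[2], nil
}

// MergeCreators appends the tools given on the command line to the existing
// creators without producing duplicates, and adds sbomasm at the default
// version unless the caller supplied sbomasm explicitly (any version).
func MergeCreators(existing []string, toolFlags []string) ([]string, error) {
	seen := make(map[string]bool, len(existing)+len(toolFlags)+1)
	out := make([]string, 0, len(existing)+len(toolFlags)+1)
	add := func(creator string) {
		if !seen[creator] {
			seen[creator] = true
			out = append(out, creator)
		}
	}
	for _, c := range existing {
		add(c)
	}
	sbomasmGiven := false
	for _, f := range toolFlags {
		c, err := ParseToolFlag(f)
		if err != nil {
			return nil, err
		}
		if strings.HasPrefix(c, "Tool: sbomasm-") {
			sbomasmGiven = true
		}
		add(c)
	}
	if !sbomasmGiven {
		add("Tool: sbomasm-" + defaultSbomasmVersion)
	}
	return out, nil
}

func main() {
	// Constructed from the creators list shown in the PR description.
	existing := []string{
		"Tool: tern-b8e13d1780cd3a02204226bba3d0772d95da24a0",
		"Tool: trivy-0.56.1",
		"Tool: parlay-0.5.1",
		"Tool: bomctl-v0.4.1",
	}
	flags := []string{"trivy (0.56.1)", "parlay (0.5.1)", "bomctl (v0.4.1)"}
	merged, err := MergeCreators(existing, flags)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, c := range merged {
		fmt.Println(c)
	}
}
```

Running it prints the four original creators once each followed by `Tool: sbomasm-0.1.9`; passing `sbomasm (v2.4.2)` among the flags instead yields `Tool: sbomasm-v2.4.2` and no default entry.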
@viveksahu26 viveksahu26 changed the title add sbomasm as a tool for spdx add sbomasm as a tool for spdx and cyclonedx Dec 5, 2024
@viveksahu26 viveksahu26 force-pushed the feat/add_sbomasm_annotation branch from 6a97c06 to 05ee179 Compare December 8, 2024 09:45
@riteshnoronha riteshnoronha merged commit 921c943 into interlynk-io:main Dec 8, 2024
Successfully merging this pull request may close these issues.

sbomasm should probably add itself as a tool
2 participants