feat: Enhance SBOM composition with policy findings and update CycloneDX package

- Added `PolicyFindings` property to `SbomCompositionRequest` to include policy findings in SBOM.
- Implemented `NormalizePolicyFindings` method to process and validate policy findings.
- Updated `SbomCompositionRequest.Create` method to accept policy findings as an argument.
- Upgraded CycloneDX.Core package from version 5.1.0 to 10.0.1.
- Marked several tasks as DONE in TASKS.md, reflecting completion of SBOM-related features.
- Introduced telemetry metrics for Go analyzer to track heuristic fallbacks.
- Added performance benchmarks for .NET and Go analyzers.
- Created new test fixtures for .NET applications, including dependencies and runtime configurations.
- Added licenses and nuspec files for logging and toolkit packages used in tests.
- Implemented `SbomPolicyFinding` record to encapsulate policy finding details and normalization logic.
This commit is contained in:
master
2025-10-23 07:57:27 +03:00
parent fa125486b8
commit efc4f5f761
46 changed files with 1344 additions and 247 deletions


@@ -1,6 +1,4 @@
using System;
using CycloneDX.Models;
var dependenciesProperty = typeof(Dependency).GetProperty("Dependencies")!;
Console.WriteLine(dependenciesProperty.PropertyType);
Console.WriteLine(dependenciesProperty.PropertyType.GenericTypeArguments[0]);
using System;
using CycloneDX.Models;
Console.WriteLine(string.Join(", ", Enum.GetNames(typeof(Component.Classification))));
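
Review bot: The `Console.WriteLine(string.Join(", ", Enum.GetNames(typeof(Component.Classification))));` line that closes this hunk is a console probe of the CycloneDX model with no comment explaining why it lives in the repository, and nothing in the build checks its output. If it exists to inspect the API surface for the CycloneDX.Core 5.1.0 to 10.0.1 upgrade named in the commit message, either drop the file from the commit or convert it into a unit test that asserts the `Component.Classification` names the SBOM composer relies on, so a later package bump that changes the enum fails a test rather than depending on someone running this by hand. The same applies to the `typeof(Dependency).GetProperty("Dependencies")!` lookup earlier in the hunk: the `!` hides a null result if the property is renamed, which a test assertion would surface explicitly.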