feat: sanitize spdx document name during conversion

[facundo-herodevs]

Summary

This PR consolidates and improves metadata component name resolution during SPDX to CycloneDX conversion.

Changes

• Added stripVersionSuffix() function that strips trailing version suffixes from names
• Added resolveMetadataComponentName() helper that centralizes name resolution with clear priority:

1. SPDX document name (used as-is)
2. Root component name with version stripped
3. Original root component name (if stripping returns empty)

• Supports various version formats for stripping: @1.0.0, v1.2.3, -1.0.0-beta.1, version 3.0, (v2.0.0), [2.0.0]
• Creates a synthetic application type component when no root package exists but a valid name is resolved

Behavior changes:

• Document name is preserved as-is (no sanitization)
• Version stripping only applies when falling back to root package name
• Package component names remain unchanged (still use original package name)
• Synthetic components are NOT added to the dependencies array

Document name input	Root package name	metadata.component name
My App v1.2.3	@scope/pkg	My App v1.2.3 (doc name preserved as-is)
My App	@scope/pkg@1.0.0	My App (doc name used, no fallback needed)
Blank/whitespace	@scope/pkg	@scope/pkg (fallback, no version to strip)
Blank/whitespace	myapp@1.2.3	myapp (fallback with version stripped)
Blank/whitespace	spring-core-6.0.0	spring-core (fallback with version stripped)
v1.2.3	myapp v1.0.0	v1.2.3 (doc name preserved as-is)
Blank	None (no root package)	No metadata component emitted
My App	None (no root package)	Synthetic application component: My App

Closes https://github.com/neverendingsupport/data-and-integrations/issues/525