@jan-van-de-pol
Description

This PR adds support for preserving parent POM references in the generated SBOM instead of flattening them into the effective POM model. This enhancement provides better visibility into the Maven project structure and dependency inheritance hierarchy.

Changes

New Configuration Parameters

  • preserveParentReferences (default: false): Enable parent POM preservation

    • When enabled, parent POMs are added as direct dependencies of components that reference them
    • Recursively walks the entire parent chain (child → parent → grandparent → ...)
  • includeParentsAsComponents (default: true): Control parent POM visibility in components section

    • When true, parent POMs appear as components in the BOM
    • When false, parent POMs are referenced only in the dependency graph

Implementation Details

Modified Files:

  • BaseCycloneDxMojo.java: Added configuration parameters and component filtering logic
  • ModelConverter.java: Extended interface with parent detection and dependency extraction methods
  • DefaultModelConverter.java: Implemented parent POM detection and direct dependency extraction
  • ProjectDependenciesConverter.java: Extended interface for parent chain processing
  • DefaultProjectDependenciesConverter.java: Implemented recursive parent chain walking and dependency reorganization

Key Features:

  • Recursively processes entire parent POM hierarchy
  • Reorganizes inherited dependencies to reference their introducing parent POM
  • Uses ProjectBuilder for efficient parent POM resolution
  • Null-safe artifact creation for parent POMs
  • Components without dependency entries are pruned during cleanup

Testing

  • Added comprehensive test suite with multi-level parent hierarchies (4 levels deep)
  • ParentPreservationTest: Validates parent POMs appear as components with correct dependency graph
  • ParentNoComponentTest: Validates parent exclusion when includeParentsAsComponents=false
  • All existing tests continue to pass (27/27)

Documentation

  • Updated README.md with new configuration options and usage examples
  • Added "Parent POM Preservation" section explaining the feature and use cases

Use Cases

This feature is valuable for:

  • Understanding complete project structure including parent POMs
  • Tracking which parent POM introduces specific dependencies
  • Maintaining visibility of the full Maven inheritance hierarchy
  • SBOM accuracy when parent POMs are managed artifacts with their own lifecycle

Backward Compatibility

This is a non-breaking change:

  • Default behavior remains unchanged (preserveParentReferences=false)
  • Existing BOMs will generate identically unless explicitly enabled
  • All existing tests pass without modification

Example

With preserveParentReferences=true:

<configuration>
    <preserveParentReferences>true</preserveParentReferences>
    <includeParentsAsComponents>true</includeParentsAsComponents>
</configuration>
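The following checker is an added illustration of the graph this option produces; it is not code from the PR or from the plugin. It parses a CycloneDX JSON BOM constructed inline to mirror the behaviour the description lists (parent POMs as components, each child listing its parent in its own dependsOn, an inherited dependency hanging off the parent that introduces it) and answers the questions a consumer would ask after enabling the option: what is the parent chain of the root, which component introduced a given dependency, are there dangling refs, and which components the cleanup step would prune. It assumes parent POM components carry the standard Maven purl qualifier `?type=pom`; the PR text does not say how the plugin marks parents, so a plain `<type>pom</type>` dependency would look the same to this heuristic, and the code refuses to guess when more than one POM-typed dependency is present. The `without_parent_components` helper is my own model of the `includeParentsAsComponents=false` shape ("referenced only in the dependency graph"), not an observed output.

```python
"""Inspect a CycloneDX JSON BOM for parent POM chains and graph consistency."""
import json
from urllib.parse import parse_qs

# Constructed sample BOM (not plugin output). Assumption: parent POMs are
# ordinary components whose purl carries the Maven purl qualifier ?type=pom,
# and a child lists its parent in its own dependsOn entry. "stray" is a
# component with no dependency entry, the case the PR's cleanup prunes.
SAMPLE_BOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {"component": {
      "bom-ref": "app", "type": "application", "group": "com.example",
      "name": "app", "version": "1.0.0",
      "purl": "pkg:maven/com.example/app@1.0.0?type=jar"}},
  "components": [
    {"bom-ref": "parent-pom", "type": "library", "group": "com.example",
     "name": "app-parent", "version": "3.0.0",
     "purl": "pkg:maven/com.example/app-parent@3.0.0?type=pom"},
    {"bom-ref": "corp-pom", "type": "library", "group": "com.example",
     "name": "corp-parent", "version": "7",
     "purl": "pkg:maven/com.example/corp-parent@7?type=pom"},
    {"bom-ref": "lib", "type": "library", "group": "org.acme",
     "name": "lib", "version": "2.1.0",
     "purl": "pkg:maven/org.acme/lib@2.1.0?type=jar"},
    {"bom-ref": "lib2", "type": "library", "group": "org.acme",
     "name": "logging", "version": "1.4.2",
     "purl": "pkg:maven/org.acme/logging@1.4.2?type=jar"},
    {"bom-ref": "stray", "type": "library", "group": "org.acme",
     "name": "stray", "version": "0.1",
     "purl": "pkg:maven/org.acme/stray@0.1?type=jar"}
  ],
  "dependencies": [
    {"ref": "app",        "dependsOn": ["parent-pom", "lib"]},
    {"ref": "parent-pom", "dependsOn": ["corp-pom", "lib2"]},
    {"ref": "corp-pom",   "dependsOn": []},
    {"ref": "lib",        "dependsOn": []},
    {"ref": "lib2",       "dependsOn": []}
  ]
}
"""


def load_bom(text):
    return json.loads(text)


def components_by_ref(bom):
    """All bom-refs that may be the target of a dependency, root included."""
    refs = {c["bom-ref"]: c for c in bom.get("components", [])}
    root = bom.get("metadata", {}).get("component")
    if root and "bom-ref" in root:
        refs[root["bom-ref"]] = root
    return refs


def depends_on(bom):
    return {d["ref"]: list(d.get("dependsOn", [])) for d in bom.get("dependencies", [])}


def is_pom(component):
    # Heuristic (assumption): a POM artifact is recognised by its purl qualifier.
    query = component.get("purl", "").partition("?")[2]
    return parse_qs(query).get("type") == ["pom"]


def parent_chain(bom, ref):
    """Follow ref -> parent -> grandparent ... over POM-typed dependsOn entries.
    Stops when no POM dependency is left; refuses ambiguous or cyclic input."""
    comps, graph = components_by_ref(bom), depends_on(bom)
    chain, seen, current = [], {ref}, ref
    while True:
        poms = [r for r in graph.get(current, []) if r in comps and is_pom(comps[r])]
        if not poms:
            return chain
        if len(poms) > 1:
            raise ValueError(f"{current}: several POM-typed dependencies {poms}")
        parent = poms[0]
        if parent in seen:
            raise ValueError(f"cycle in parent chain at {parent}")
        seen.add(parent)
        chain.append(parent)
        current = parent


def introducing_parents(bom, dep_ref):
    """Refs whose dependsOn lists dep_ref directly, i.e. who introduced it."""
    return sorted(ref for ref, deps in depends_on(bom).items() if dep_ref in deps)


def dangling_refs(bom):
    """Refs used in the dependency graph that resolve to no component."""
    comps, graph = components_by_ref(bom), depends_on(bom)
    used = set(graph) | {r for deps in graph.values() for r in deps}
    return sorted(r for r in used if r not in comps)


def orphan_components(bom):
    """Components with no dependency entry and nothing depending on them."""
    comps, graph = components_by_ref(bom), depends_on(bom)
    referenced = {r for deps in graph.values() for r in deps}
    return sorted(r for r in comps if r not in graph and r not in referenced)


def without_parent_components(bom):
    """Model (assumption) of includeParentsAsComponents=false: POM components
    are dropped from the components list while the graph still names them."""
    stripped = json.loads(json.dumps(bom))
    stripped["components"] = [c for c in stripped["components"] if not is_pom(c)]
    return stripped


if __name__ == "__main__":
    bom = load_bom(SAMPLE_BOM_JSON)
    print("parent chain of app:", parent_chain(bom, "app"))
    print("who introduced lib2:", introducing_parents(bom, "lib2"))
    print("orphans to prune:", orphan_components(bom))
    print("dangling refs without parents:", dangling_refs(without_parent_components(bom)))
```

Run against a real BOM by replacing `SAMPLE_BOM_JSON` with the file contents. The `dangling_refs` result for the stripped variant is the practical caveat of `includeParentsAsComponents=false`: if the graph keeps naming parents that are no longer components, consumers that require every dependency ref to resolve to a component will report them, so check the generated file with the setting you intend to ship.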
