Update ratings descriptions in schema files for clarity on VEX usage (#722)

<!-- 
Thank you for taking the time to develop and contribute a core
enhancement or fix for a defect!

We kindly request that you create pull requests only for things that
have been discussed in a ticket first; exceptions may be made for
spelling or grammar fixes.
Read more about the process here:
https://cyclonedx.org/participate/standardization-process/#working-model

Please have the related ticket/issue ID ready. 
If there is none, feel free to create a new ticket:
https://github.com/CycloneDX/specification/issues/new/choose

-->

<!-- 

Please provide a brief description of what this pull request intends to
do and which ticket it fixes/closes.
Example: 
> As discussed in ticket #485, this PR adds Streebog to the hash
algorithm enum.
>
> fixes #485 

In case this is for a spelling or grammar improvement, please provide a
brief description.
Example:
> Fixe typo: color(AE) -> colour(BE)

-->

I am translating @stevespringett 's
[feedback](#719 (comment))
on the CycloneDX VEX specification into the code.



> Should ratings be normative inputs for prioritization in VEX
consumers?

_Yes, they should be. It is widely known that the NVD has historically
overrated vulnerabilities (on purpose). So the ratings from the NVD and
those from the manufactures are often different. CycloneDX can convey
this information which can aid in prioritization._


fixes  #719

Author: stevespringett

schema/bom-1.6.proto

@@ -888,7 +888,7 @@ message Vulnerability {
   optional Source source = 3;
   // Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Oftentimes, the same vulnerability may exist in multiple sources of vulnerability intelligence but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.
   repeated VulnerabilityReference references = 4;
-  // List of vulnerability ratings
+  // List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization.
   repeated VulnerabilityRating ratings = 5;
   // List of Common Weaknesses Enumerations (CWEs) codes that describe this vulnerability. For example, 399 (of https://cwe.mitre.org/data/definitions/399.html)
   repeated int32 cwes = 6;

schema/bom-1.6.schema.json

@@ -2681,7 +2681,7 @@
         "ratings": {
           "type": "array",
           "title": "Ratings",
-          "description": "List of vulnerability ratings",
+          "description": "List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization.",
           "items": {
             "$ref": "#/definitions/rating"
           }

schema/bom-1.6.xsd

@@ -4218,7 +4218,7 @@ limitations under the License.
             </xs:element>
             <xs:element name="ratings" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation xml:lang="en">List of vulnerability ratings.</xs:documentation>
+                    <xs:documentation xml:lang="en">List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization.</xs:documentation>
                 </xs:annotation>
                 <xs:complexType>
                     <xs:sequence>

schema/bom-1.7.proto

@@ -990,7 +990,7 @@ message Vulnerability {
   optional Source source = 3;
   // Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Oftentimes, the same vulnerability may exist in multiple sources of vulnerability intelligence but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.
   repeated VulnerabilityReference references = 4;
-  // List of vulnerability ratings
+  // List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization.
   repeated VulnerabilityRating ratings = 5;
   // List of Common Weaknesses Enumerations (CWEs) codes that describe this vulnerability. For example, 399 (of https://cwe.mitre.org/data/definitions/399.html)
   repeated int32 cwes = 6;

schema/bom-1.7.schema.json

@@ -2841,7 +2841,7 @@
         "ratings": {
           "type": "array",
           "title": "Ratings",
-          "description": "List of vulnerability ratings",
+          "description": "List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization.",
           "items": {
             "$ref": "#/definitions/rating"
           }

schema/bom-1.7.xsd

@@ -4461,7 +4461,7 @@ limitations under the License.
             </xs:element>
             <xs:element name="ratings" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation xml:lang="en">List of vulnerability ratings.</xs:documentation>
+                    <xs:documentation xml:lang="en">List of vulnerability ratings. Consumers SHOULD consider ratings in prioritization decisions; source ratings may differ and aid prioritization.</xs:documentation>
                 </xs:annotation>
                 <xs:complexType>
                     <xs:sequence>