[cyclonedx-bom] top-level `bom.version` should be optional in `Bom` struct

[weihanglo]

Since CycloneDX v1.5, the bom.version field is marked as optional in the JSON schema . The truth is in XML and protobuf specification it has been optional way earlier than 1.4, but JSON schema failed to catch up until v1.5 (seethe relevant PR CycloneDX/specification#260 and CycloneDX/specification#78).

Since bom.version always has a default value, it should be safe we just make it optional

• cyclonedx-rust-cargo/cyclonedx-bom/src/models/bom.rs

  Line 105 in 100c362

  pub version: u32,

• cyclonedx-rust-cargo/cyclonedx-bom/src/specs/common/bom.rs

  Line 122 in 100c362

  version: other.version,

Alternatively, if we want to follow the v1.3 and v1.4 JSON schema strictly (which I believe it was a bug fixed in v1.5), we could diverge the deserialization based on spec versions.