Add certificate serial number to certificateProperties

[chris-giblin]

Inspired by the CBOM Comments regarding serial number:

Instead of using the serialNumber field in the metadata object, add a new field to the CBOM certificateProperties object. In the near term this can be added using CycloneDX properties, longer term, there should be a serial number field in the cert properties. This way, the format of the field will suit certificates, which is not the case for metadata's serialNumber field.

[capri-san]

Thanks for your comment Chris. In fact that would be very useful, but it is not possible: CBOM does not permit to define aditional properties at that level. If you try to validate an object with aditional properties in the "certificateProperties" level we get the error:

instancePath: '/metadata/component/cryptoProperties/certificateProperties',
    schemaPath: '#/properties/certificateProperties/additionalProperties',
    keyword: 'additionalProperties',
    params: { additionalProperty: 'properties' },
    message: 'must NOT have additional properties',
    schema: false

This is why we defined that piece of information in the component level.

[chris-giblin]

I see your point about missing a means for specifying properties for certificates. I created issue #8