
Improve support for the Component.Evidence.Identity field in CycloneDX 1.6 #192

Open
darioandre opened this issue Jul 30, 2024 · 0 comments
Labels
bug Something isn't working spec/1.6

Comments

@darioandre

In CycloneDX 1.5, the Component.Evidence.Identity field was specified as a single Identity object. In CycloneDX 1.6 this has been deprecated in favor of an array of Identity objects.
The specifications can be compared here:
1.5: https://cyclonedx.org/docs/1.5/json/#components_items_evidence_identity
1.6: https://cyclonedx.org/docs/1.6/json/#components_items_evidence_identity

cyclonedx-go still defines Identity as *EvidenceIdentity so it fails to unmarshal SBOMs which have an array of identities in place of a single one; the error is: cannot unmarshal array into Go struct field Evidence.components.evidence.identity of type cyclonedx.EvidenceIdentity.

This currently happens with some SBOMs generated by cdxgen (https://github.com/CycloneDX/cdxgen) when using the --spec-version 1.6 argument. This is an SBOM affected by the issue. It was generated from a skeleton Poetry project, with just pytest added, using this command:

`docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen -r /app -o /app/bom.json --spec-version 1.6`
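The shape change described in the report can be handled on the consuming side without waiting for a schema bump in the library. The following is an added example, not code from cyclonedx-go or cdxgen: it uses a hypothetical, cut-down `EvidenceIdentity` type (only `field` and `confidence`) and a slice type with a custom `UnmarshalJSON` that accepts both the 1.5 single-object form and the 1.6 array form. `ParseStrict` reproduces the failing `*EvidenceIdentity` layout from the issue so the two behaviours can be compared on constructed 1.5 and 1.6 documents.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Constructed stand-in for the library's EvidenceIdentity; only the fields
// needed to show the object-vs-array difference (hypothetical, not cyclonedx-go's type).
type EvidenceIdentity struct {
	Field      string  `json:"field"`
	Confidence float64 `json:"confidence,omitempty"`
}

// EvidenceIdentities normalises both spec shapes to a slice:
// 1.5 serialises evidence.identity as one object, 1.6 as an array.
type EvidenceIdentities []EvidenceIdentity

func (e *EvidenceIdentities) UnmarshalJSON(data []byte) error {
	trimmed := bytes.TrimSpace(data)
	if len(trimmed) == 0 || bytes.Equal(trimmed, []byte("null")) {
		*e = nil
		return nil
	}
	switch trimmed[0] {
	case '[': // 1.6: array of identities
		var list []EvidenceIdentity
		if err := json.Unmarshal(trimmed, &list); err != nil {
			return err
		}
		*e = list
	case '{': // 1.5: single identity object, wrapped into a one-element slice
		var single EvidenceIdentity
		if err := json.Unmarshal(trimmed, &single); err != nil {
			return err
		}
		*e = EvidenceIdentities{single}
	default: // anything else (string, number, bool) is a malformed document
		return fmt.Errorf("evidence.identity: expected object or array, got %q", trimmed[0])
	}
	return nil
}

type Evidence struct {
	Identity EvidenceIdentities `json:"identity,omitempty"`
}

type Component struct {
	Name     string    `json:"name"`
	Evidence *Evidence `json:"evidence,omitempty"`
}

type BOM struct {
	SpecVersion string      `json:"specVersion"`
	Components  []Component `json:"components"`
}

// Constructed sample BOMs, trimmed to the fields relevant here.
const bom15 = `{"specVersion":"1.5","components":[{"name":"pytest","evidence":{"identity":{"field":"purl","confidence":0.8}}}]}`
const bom16 = `{"specVersion":"1.6","components":[{"name":"pytest","evidence":{"identity":[{"field":"purl","confidence":0.8},{"field":"name","confidence":0.5}]}}]}`

// IdentityCount parses a BOM with the tolerant type and returns how many
// identity entries the first component carries.
func IdentityCount(doc string) (int, error) {
	var bom BOM
	if err := json.Unmarshal([]byte(doc), &bom); err != nil {
		return 0, err
	}
	if len(bom.Components) == 0 || bom.Components[0].Evidence == nil {
		return 0, nil
	}
	return len(bom.Components[0].Evidence.Identity), nil
}

// Layout mirroring the issue: a pointer to a single struct, which cannot
// absorb the 1.6 array and produces the "cannot unmarshal array" error.
type strictEvidence struct {
	Identity *EvidenceIdentity `json:"identity,omitempty"`
}
type strictComponent struct {
	Name     string          `json:"name"`
	Evidence *strictEvidence `json:"evidence,omitempty"`
}
type strictBOM struct {
	Components []strictComponent `json:"components"`
}

// ParseStrict returns the decode error (if any) for the single-object layout.
func ParseStrict(doc string) error {
	var bom strictBOM
	return json.Unmarshal([]byte(doc), &bom)
}

func main() {
	for _, doc := range []string{bom15, bom16} {
		n, err := IdentityCount(doc)
		fmt.Printf("tolerant: identities=%d err=%v\n", n, err)
		fmt.Printf("strict:   err=%v\n", ParseStrict(doc))
	}
}
```

The tolerant decoder keeps the 1.6 array as the canonical in-memory form, so downstream code only ever deals with a slice; a matching `MarshalJSON` would be needed if the consumer must re-emit valid 1.5 output, since 1.5 validators reject the array form just as the 1.6 pointer layout rejects it on input.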
@nscuro nscuro added bug Something isn't working spec/1.6 labels Aug 7, 2024
Development

No branches or pull requests

2 participants