complete SPDX license expression detection

[jkowalleck]

current SPDX license expression is stupid:

cyclonedx-python-lib/cyclonedx/spdx.py

Lines 49 to 60 in 13e441d

	def is_compound_expression(value: str) -> bool:
	"""Validate compound expression.
	.. note::
	Uses a best-effort detection of SPDX compound expression according to `SPDX license expression spec`_.
	.. _SPDX license expression spec: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/
	"""
	# shortest known valid expression: (A or B) - 8 characters long
	return len(value) >= 8 \
	and value.startswith('(') \
	and value.endswith(')')

either have a proper complete implementation,
or use a library for this

• https://pypi.org/project/license-expression/
• .. to be continued ...