Disable HTML escaping when output in JSON

[t-katsumura]

cyclonedx-gomod output SBOM with HTML escaped when --json flag was specified.
This converts & in purl to \u0026 which sometimes is not parsed correctly in other tools.

We can find an example at

cyclonedx-gomod/examples/app_minikube-v1.23.1.bom.json

Line 53 in e54760d

"purl": "pkg:golang/k8s.io/[email protected]?type=module\u0026goos=linux\u0026goarch=arm64#cmd/minikube",

Proposal:

• DIsable HTML escape globally
  or
• Add CLI option to disable HTML escaping

Because the BOMEncoder in cyclonedx-go already has the method SetEscapeHTML(escapeHTML bool), changes should be necessary only around here.

cyclonedx-gomod/internal/cli/util/util.go

Lines 98 to 99 in e54760d

	encoder := cdx.NewBOMEncoder(outputWriter, outputFormat)
	encoder.SetPretty(true)

[Aswinr24]

Hi, I’d love to pick this issue and work on it.
My proposed solution is to add a CLI flag or option to disable HTML escaping in the JSON output. This would allow users to handle special characters like & properly in other tools.
Let me know if that sounds good, and I can start working on a PR!