Open
Description
Version: 7.3.2
OS: Win 11 Pro Build 22621
I've encountered a problem parsing an SBOM with a Vulnerability 1.0 Extension.
The problem is that if a component node has multiple ratings nodes, ExtensionDeserializer cannot properly parse it and just fills it with nulls.
<v:ratings>
  <v:rating>
    <v:severity>Low</v:severity>
  </v:rating>
  <v:rating>
    <v:score>
      <v:base>6.1</v:base>
      <v:impact>4</v:impact>
      <v:exploitability>1.6</v:exploitability>
    </v:score>
    <v:method>CVSSv3</v:method>
    <v:vector>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N</v:vector>
  </v:rating>
</v:ratings>
com.astoc.scanner.logs.hub.scanners.service.parsers.cyclonedx.patch.CycloneDxPatchedExtensionDeserializer#processRating
The method should take additional cases into account, such as when the "ratings/rating" node also contains multiple nodes inside.
I'll try to fix the issue and make a pull request in the near future.
Test payload attached.
cyclonedx-webgoat_test.txt
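An added example, not code from this issue or from cyclonedx-core-java: a small Python parser that keeps every v:rating under v:ratings, returning None only for the fields a given rating actually omits instead of nulling the whole rating. The extension namespace URI, the wrapping root element and the dict layout are assumptions.

```python
# Added example (not the issue's or cyclonedx-core-java's code): parse all
# <v:rating> children of <v:ratings>, tolerating ratings with missing fields.
import xml.etree.ElementTree as ET
from typing import Optional

# Assumed namespace of the CycloneDX Vulnerability 1.0 extension.
NS = {"v": "http://cyclonedx.org/schema/ext/vulnerability/1.0"}

# Constructed sample: the two ratings from the issue, wrapped in a root
# element that declares the "v" prefix so the fragment is well-formed.
SAMPLE = """<root xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0">
  <v:ratings>
    <v:rating>
      <v:severity>Low</v:severity>
    </v:rating>
    <v:rating>
      <v:score>
        <v:base>6.1</v:base>
        <v:impact>4</v:impact>
        <v:exploitability>1.6</v:exploitability>
      </v:score>
      <v:method>CVSSv3</v:method>
      <v:vector>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N</v:vector>
    </v:rating>
  </v:ratings>
</root>"""

def _text(parent: ET.Element, path: str) -> Optional[str]:
    """Text of the first matching child, or None when the child is absent."""
    node = parent.find(path, NS)
    return node.text.strip() if node is not None and node.text else None

def _number(parent: ET.Element, path: str) -> Optional[float]:
    value = _text(parent, path)
    return float(value) if value is not None else None

def parse_ratings(xml_text: str) -> list[dict]:
    """Return one dict per <v:rating>; a missing <v:score> stays None."""
    root = ET.fromstring(xml_text)
    ratings = []
    for rating in root.iterfind(".//v:ratings/v:rating", NS):
        score = rating.find("v:score", NS)
        ratings.append({
            "severity": _text(rating, "v:severity"),
            "method": _text(rating, "v:method"),
            "vector": _text(rating, "v:vector"),
            "score": None if score is None else {
                "base": _number(score, "v:base"),
                "impact": _number(score, "v:impact"),
                "exploitability": _number(score, "v:exploitability"),
            },
        })
    return ratings
```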