wrong proto3 schema default values for enums

[jkowalleck]

per proto3 schema definition, enum values of 0 are, per definition, used as "unspecified" or "fallback" values.

see https://protobuf.dev/programming-guides/enum/

enum Enum {
  A = 0;
  B = 1;
}

message Msg {
  optional Enum enum = 1;
}

Closed enums will parse the value 2 and store it in the message’s unknown field set. Accessors will report the field as being unset and will return the enum’s default value.

Therefore, enum value of 0 MUST be revisited.

The CDX v1.x protobuf schema has default values for enums, where XML/JSON does not.
And this is for the fact, that protobuf schema uses value 0, where it should not.

When these enum values would be changed, this would be a breaking change.

This is a followup of #385

---

examples for wrong usage of 0 in enums:

• EvidenceTechnique defaults to EVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSIS
  

  specification/schema/bom-1.5.proto

  Lines 720 to 731 in 8af880d

  	enum EvidenceTechnique {
  	EVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSIS = 0;
  	EVIDENCE_TECHNIQUE_BINARY_ANALYSIS = 1;
  	EVIDENCE_TECHNIQUE_MANIFEST_ANALYSIS = 2;
  	EVIDENCE_TECHNIQUE_AST_FINGERPRINT = 3;
  	EVIDENCE_TECHNIQUE_HASH_COMPARISON = 4;
  	EVIDENCE_TECHNIQUE_INSTRUMENTATION = 5;
  	EVIDENCE_TECHNIQUE_DYNAMIC_ANALYSIS = 6;
  	EVIDENCE_TECHNIQUE_FILENAME = 7;
  	EVIDENCE_TECHNIQUE_ATTESTATION = 8;
  	EVIDENCE_TECHNIQUE_OTHER = 9;
  	}

• ModelParameterApproachType defaults to MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED
  

  specification/schema/bom-1.5.proto

  Lines 1096 to 1102 in 8af880d

  	enum ModelParameterApproachType {
  	MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED = 0;
  	MODEL_PARAMETER_APPROACH_TYPE_UNSUPERVISED = 1;
  	MODEL_PARAMETER_APPROACH_TYPE_REINFORCED_LEARNING = 2;
  	MODEL_PARAMETER_APPROACH_TYPE_SEMI_SUPERVISED = 3;
  	MODEL_PARAMETER_APPROACH_TYPE_SELF_SUPERVISED = 4;
  	}

• ComponentDataType defaults to COMPONENT_DATA_TYPE_SOURCE_CODE
  

  specification/schema/bom-1.5.proto

  Lines 1150 to 1161 in 8af880d

  	enum ComponentDataType {
  	// Any type of code, code snippet, or data-as-code
  	COMPONENT_DATA_TYPE_SOURCE_CODE = 0;
  	// Parameters or settings that may be used by other components.
  	COMPONENT_DATA_TYPE_CONFIGURATION = 1;
  	// A collection of data.
  	COMPONENT_DATA_TYPE_DATASET = 2;
  	// Data that can be used to create new instances of what the definition defines.
  	COMPONENT_DATA_TYPE_DEFINITION = 3;
  	// Any other type of data that does not fit into existing definitions.
  	COMPONENT_DATA_TYPE_OTHER = 4;
  	}