mark non-embedded dependencies as 'extraneous'Β #121
Description
There is work ongoing on the CycloneDX spec to be able to mark dependencies as 'extraneous' (CycloneDX/specification#586), which all of our dependencies are (except 'embedded'/shaded resources). Let's track that work and implement it when it becomes part of the spec.