[XML] `license.id` and `license.name` are optional

[jkowalleck]

based on https://cyclonedx.slack.com/archives/C01HBFNCNJ1/p1693586003544379
based on #133 & #330

---

In XML, the license.id AND license.name are optional(minOccurs="0"), and you have to chose one optional, meaning one must be omitted by choice, and the other one is optional.

specification/schema/bom-1.5.xsd

Lines 643 to 654 in c320fc0

	<xs:choice>
	<xs:element name="id" type="spdx:licenseId" minOccurs="0" maxOccurs="1">
	<xs:annotation>
	<xs:documentation>A valid SPDX license ID</xs:documentation>
	</xs:annotation>
	</xs:element>
	<xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1">
	<xs:annotation>
	<xs:documentation>If SPDX does not define the license used, this field may be used to provide the license name</xs:documentation>
	</xs:annotation>
	</xs:element>
	</xs:choice>

This appears to be unintended. In contrast,

• JSON defines a choice of a mandatory field in this case:

  specification/schema/bom-1.5.schema.json

  Lines 732 to 739 in cc15c85

  	"oneOf": [
  	{
  	"required": ["id"]
  	},
  	{
  	"required": ["name"]
  	}
  	],

• ProtoBuff defines a choice of a mandatory field:

  specification/schema/bom-1.5.proto

  Lines 340 to 345 in cc15c85

  	oneof license {
  	// A valid SPDX license ID
  	string id = 1;
  	// If SPDX does not define the license used, this field may be used to provide the license name
  	string name = 2;
  	}

[jkowalleck]

test cases are here: #289

[jkowalleck]

proposed solution: remove minOccurs="0" maxOccurs="1" in XML, so that both are mandatory.

[jkowalleck]

fix here: #292