
fix(java): add spring-ldap-core to groupId map#4924

Open
algojogacor wants to merge 1 commit into anchore:main from algojogacor:fix/spring-ldap-core-groupid

@algojogacor

Summary

Fixes #4030

When syft scans a Maven project using spring-boot-starter-data-ldap, the generated SBOM incorrectly sets the PURL groupId for spring-ldap-core to spring-ldap-core (the artifact name) instead of the correct org.springframework.ldap.

Root Cause

The DefaultArtifactIDToGroupID map in java_groupid_map.go had no entry for spring-ldap-core. The PURL generator's groupIDFromKnownPackageList() function (step 3 of the fallback chain) returned empty, causing the groupId to fall back to the artifact name.

Fix

Added "spring-ldap-core": "org.springframework.ldap" to the mapping file, placed alphabetically after the existing "spring-ldap" entry at line 384.

Changes

  • syft/pkg/cataloger/internal/cpegenerate/java_groupid_map.go: 1 line added (+1 -0)

Testing

  • spring-boot-starter-data-ldap dependency: PURL now resolves to pkg:maven/org.springframework.ldap/spring-ldap-core@VERSION
  • spring-ldap artifact (existing): PURL remains pkg:maven/org.springframework/spring-ldap@VERSION
  • Other spring framework artifacts: Unaffected — no regressions ✅
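A check for the symptom described under Root Cause, added here as an example and not taken from the PR or from syft's code: it flags `pkg:maven` PURLs whose groupId equals the artifactId, which is what the fallback produces. The function names, the allowlist (some real artifacts such as `junit:junit` and `commons-io:commons-io` legitimately share both coordinates) and the sample PURLs with placeholder versions are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// knownSame: artifacts whose real groupId equals the artifactId (assumed allowlist).
var knownSame = map[string]bool{"junit": true, "commons-io": true}

// mavenCoords extracts groupId and artifactId from a pkg:maven PURL.
func mavenCoords(purl string) (string, string, bool) {
	if !strings.HasPrefix(purl, "pkg:maven/") {
		return "", "", false
	}
	rest := strings.TrimPrefix(purl, "pkg:maven/")
	// Drop subpath, qualifiers and version so only namespace/name remains.
	for _, sep := range []string{"#", "?", "@"} {
		if i := strings.Index(rest, sep); i >= 0 {
			rest = rest[:i]
		}
	}
	i := strings.LastIndex(rest, "/")
	if i <= 0 || i == len(rest)-1 {
		return "", "", false // namespace or name missing
	}
	g, errG := url.PathUnescape(rest[:i])
	a, errA := url.PathUnescape(rest[i+1:])
	return g, a, errG == nil && errA == nil
}

// SuspectFallbacks returns PURLs whose groupId equals a non-allowlisted artifactId.
func SuspectFallbacks(purls []string) []string {
	var out []string
	for _, p := range purls {
		if g, a, ok := mavenCoords(p); ok && g == a && !knownSame[a] {
			out = append(out, p)
		}
	}
	return out
}

func main() {
	// Constructed PURLs; the version is a placeholder.
	fmt.Println(SuspectFallbacks([]string{
		"pkg:maven/spring-ldap-core/spring-ldap-core@1.2.3",
		"pkg:maven/org.springframework.ldap/spring-ldap-core@1.2.3",
	}))
}
```

A hit is a candidate for review rather than proof of a wrong PURL, since the allowlist cannot be exhaustive.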

@spiffcs
Contributor

spiffcs commented May 18, 2026

@algojogacor ty for the pr:

There is one commit incorrectly signed off. This means that the author of this commit failed to include a Signed-off-by line in the commit message.

To avoid having PRs blocked in the future, always include Signed-off-by: Author Name <authoremail@example.com> in every commit message. You can also do this automatically by using the -s flag (i.e., git commit -s).
Here is how to fix the problem so that this code can be merged.

To add your Signed-off-by line to every commit in this branch:

1. Ensure you have a local copy of your branch by checking out the pull request locally via command line.
2. In your local branch, run: git rebase HEAD~1 --signoff
3. Force push your changes to overwrite the branch: git push --force-with-lease origin fix/spring-ldap-core-groupid

Development

Successfully merging this pull request may close these issues.

wrong purl for spring-ldap-core dependency
