fix: don't drop response field on CycloneDX VEX generation

As per
  https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_analysis_response
the response field in CycloneDX is of type array and lib4sbom will silently
drop it, if the type does not match.

So add the full response array for CycloneDX files when generating VEX files.

Signed-off-by: Heiko Stuebner <heiko.stuebner@cherry.de>

Author: Heiko Stuebner

cve_bin_tool/vex_manager/generate.py

@@ -213,7 +213,10 @@ def __get_vulnerabilities(self) -> list[Vulnerability]:
                 if cve.justification:
                     vulnerability.set_justification(cve.justification)
                 if cve.response:
-                    vulnerability.set_value("remediation", cve.response[0])
+                    if self.vextype == "cyclonedx":
+                        vulnerability.set_value("remediation", cve.response)
+                    else:
+                        vulnerability.set_value("remediation", cve.response[0])
                 detail = (
                     f"{cve.remarks.name}: {cve.comments}"
                     if cve.comments