Generate element relationship information

[alilleybrinker]

SPDX permits specification of the relationship between elements. There's a pretty substantial list of relationship types that can be represented, and of entities that can be related. The documentation gives come examples:

Relationship: SPDXRef-grep CONTAINS SPDXRef-make
RelationshipComment: Package grep contains file make

Relationship: SPDXRef-DOCUMENT AMENDS DocumentRef-SPDXA:SPDXRef-DOCUMENT
RelationshipComment: This current document is an amendment of the SPDXA document.

Relationship: SPDXRef-CarolCompression DEPENDS_ON NONE
RelationshipComment: The package CarolCompression can be considered as a root with no dependencies.

Relationship: SPDXRef-BobBrowser CONTAINS NOASSERTION
RelationshipComment: The package BobBrowser may have other packages embedded in it, but the author has insufficient information to treat this as other than unknown at this point in time.

We need to generate this information for files in a crate, as well as for dependencies used.

[tofay]

#9 introduces relationships between a binary file for the SBOM and all the dependent crates
#10 introduces relationships between crates and their source files