scripts: west_commands: zspdx: updating sbom data based on cpe reference

The PackageName, PackageVersionand and PackageSupplier in the generated
SBOM will be updated based on the information passed in the
external-references in the module.yml.
This way packages are better recognized by vulnerability scanning tools
like cve-bin-tool.

Signed-off-by: Rico van Dongen <rdongen@ziggo.nl>