fix: make pep621 license detections type-aware

[manavgup]

Addresses #915

Description

This PR fixes a bug where an AttributeError was raised when parsing a pyproject.toml file with a license field specified as a string (per PEP 639), rather than as a table (per PEP 621). The bug occurred because the code assumed the license field was always a dict and attempted to call .get() on a string.

Key Changes

• Enhanced project2licenses in pep621.py:
• Now correctly handles both string and dict types for the license field in pyproject.toml.
• If the license is a string (PEP 639), it is treated as a license expression or reference.
• If the license is a dict (PEP 621), it is handled as before (supporting text and file keys).
• Added a type check and error for unexpected types.

Added Unit Tests:

Created tests/unit/test_pep621.py to directly test project2licenses for:

• license as a string (PEP 639)
• license as a dict with text (PEP 621)
• license as a dict with file (PEP 621)

Tests cover correct parsing and object creation for all supported license formats.

Test Robustness:

Tests are robust to the behavior of the license factory for unknown license references, checking both id and text fields.

Code Style:

• All code follows project style guidelines (PEP8, sorted imports, f-strings, single quotes, lower_snake_case).

Motivation and Context

• Fixes an AttributeError when using a PEP 639 license string in pyproject.toml.
• Ensures compliance with the latest packaging standards and improves compatibility with modern Python projects.
• Adds direct unit tests for license parsing logic, increasing test coverage and reliability.

Checklist

[x] Code style and imports are clean (pyupgrade, isort, autopep8).
[x] All new and existing tests pass.
[x] Commits are signed off (git commit -s).

[jkowalleck]

some CI/CT is failing:

• https://github.com/CycloneDX/cyclonedx-python/actions/runs/15881280373/job/44782080398?pr=920#step:6:276
  please add the missing copyright headers. see an example here:

  cyclonedx-python/tests/functional/test_license_trove_classifier.py

  Lines 1 to 16 in aab442d

  	# This file is part of CycloneDX Python
  	#
  	# Licensed under the Apache License, Version 2.0 (the "License");
  	# you may not use this file except in compliance with the License.
  	# You may obtain a copy of the License at
  	#
  	# http://www.apache.org/licenses/LICENSE-2.0
  	#
  	# Unless required by applicable law or agreed to in writing, software
  	# distributed under the License is distributed on an "AS IS" BASIS,
  	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  	# See the License for the specific language governing permissions and
  	# limitations under the License.
  	#
  	# SPDX-License-Identifier: Apache-2.0
  	# Copyright (c) OWASP Foundation. All Rights Reserved.

• some security warnings occurred: https://github.com/CycloneDX/cyclonedx-python/actions/runs/15881280373/job/44782080428?pr=920#step:6:1913 ff
  please have them fixed.
• all tests on windows are failing see for example: https://github.com/CycloneDX/cyclonedx-python/actions/runs/15881280373/job/44782080581?pr=920#step:8:1748
  this is probably due to the fact that the PEP621 does not use windows directory separators, but something else...

[jkowalleck]

fixed the still open points in the tests.

[jkowalleck]

the fix was released via https://github.com/CycloneDX/cyclonedx-python/releases/tag/v6.1.2