Rework of Artifact::mergeWith

[neubs-bsi]

Summary of the Bug

The Artifact::mergeWith method will not work correctly if there are two artifacts with the same coordinates and facts but different content.

Steps to reproduce

1. Option:
   Run example-projects/example-project with the CSVAnalyzer and csv file, which contains two artifacts with same coordinates, but different declared licenses:

Artifact Id;Group Id;Version;Coordinate Type;Effective License;Declared License;Observed License;Copyrights;Hash;Source URL;Release Tag URL;Software Heritage ID;Clearing State;Change Status;CPE;File Name
commons-cli;org.apache.commons;1.4;mvn;;Apache-2.0;;;;;;;;;;
commons-cli;org.apache.commons;1.4;mvn;;MIT;;;;;;;;;;

2. Option:
   Run the code snippet from the comment below

Acceptance Criteria

• The mergeWith method works properly when merging two artifacts with the same coordinates and facts.

Definition of Done

• Acceptance criteria fulfilled
• A test case is created to reproduce the bug
• A PR is created, the CI infrastructure reports green, the bug test case proves that bug is fixed
• The PR is reviewed and approved
• No TODOs left in the code unless explained in the ticket, if something else is still open, this is summarized in a comment in the issue
• Documentation is updated

[neubs-bsi]

From the discussion:
Artifact::mergeWith: This method should be reworked because it does not work correctly if there are two artifacts with the same coordinates and facts but different content e.g.:

License declaredLicenses1 = new License();
declaredLicenses1.setName("license1");
declaredLicenses1.setLongName("licenseNumber1");
License declaredLicenses2 = new License();
declaredLicenses2.setName("license2");
declaredLicenses2.setLongName("licenseNumber2");

Artifact a1 = new Artifact()
        .addFact(new ArtifactCoordinates(new Coordinate(Coordinate.Types.MAVEN, "com.example", "lib1", "1.0")))
        .addFact((new ArtifactFilename("lib1", "hash1")))
        .addFact(new DeclaredLicenseInformation(declaredLicenses1));

Artifact a2 = new Artifact()
        .addFact(new ArtifactCoordinates(new Coordinate(Coordinate.Types.MAVEN, "com.example", "lib1", "1.0")))
        .addFact(new OverriddenLicenseInformation(declaredLicenses2));

a1.mergeWith(a2);

a1 before mergeWith (license1):

a1 after mergeWith (license2):

ProcessingState::applyWorkflowStepResult:
IMO this method works properly and serves its purpose when using it the analyzers and processors. All artifacts from the analyzers are flattened to one list and every processor will overwrite the artifacts from the step before, because it was enriched with new information.