
fix: honor cdxgen excluded project types #1

Open
BharatDeva wants to merge 1 commit into master from fix/cdxgen-exclude-project-types

Conversation

@BharatDeva
Owner

Fixes owasp-dep-scan#450

Data Context

--cdxgen-args "--exclude-type ..." was reaching cdxgen, but dep-scan selected every detected project type before invoking cdxgen. That meant an excluded type such as yaml-manifest could still be scheduled as a separate scan, which is the behavior reported in the issue.

Logic Adjustment

This change parses both supported cdxgen forms:

  • --exclude-type value
  • --exclude-type=value

The parsed project types are then used to filter dep-scan's detected project_types_list before the scan loop schedules cdxgen invocations.

Validation

I ran the focused tests and style checks locally on Windows:

.\.venv\Scripts\pytest test\test_utils.py::test_excluded_project_types_from_cdxgen_args test\test_cli.py::test_set_project_types_honors_cdxgen_exclude_type
# 2 passed in 2.63s
.\.venv\Scripts\python -m ruff check depscan\cli.py depscan\lib\utils.py test\test_cli.py test\test_utils.py
# All checks passed!
.\.venv\Scripts\python -m ruff format --check depscan\cli.py depscan\lib\utils.py test\test_cli.py test\test_utils.py
# 4 files already formatted
git diff --check
# clean

Downstream Impact

No dependency, schema, or report format changes. The only behavior change is that project types explicitly excluded through cdxgen args are no longer scheduled as separate dep-scan project scans.

Signed-off-by: BharatDeva <278575558+BharatDeva@users.noreply.github.com>
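To make the "Logic Adjustment" concrete, here is an added example of how the two cdxgen forms can be parsed and then used to filter a detected project-type list. This is illustration code written for this page, not dep-scan's own implementation; the function names `excluded_project_types_from_cdxgen_args` and `filter_project_types` are hypothetical, and splitting comma-separated values and lower-casing types are assumptions that go beyond what the PR text states.

```python
import shlex

# The cdxgen flag whose values dep-scan should honor before scheduling scans.
EXCLUDE_FLAG = "--exclude-type"


def excluded_project_types_from_cdxgen_args(cdxgen_args):
    """Return the set of project types excluded via --exclude-type.

    Accepts the raw --cdxgen-args string and understands both forms the PR
    describes: '--exclude-type value' and '--exclude-type=value'. Repeated
    flags accumulate. Comma-separated values and case folding are assumptions
    added for robustness, not behaviour stated in the PR.
    """
    excluded = set()
    if not cdxgen_args:
        return excluded

    # shlex keeps quoted values together the way a shell would.
    tokens = shlex.split(cdxgen_args)
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        value = None
        if tok == EXCLUDE_FLAG:
            # Space-separated form: take the next token unless it is another flag.
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                value = tokens[i + 1]
                i += 1
        elif tok.startswith(EXCLUDE_FLAG + "="):
            # '=' form: everything after the '=' is the value.
            value = tok[len(EXCLUDE_FLAG) + 1 :]
        if value:
            excluded.update(
                v.strip().lower() for v in value.split(",") if v.strip()
            )
        i += 1
    return excluded


def filter_project_types(project_types_list, cdxgen_args):
    """Drop excluded types from the detected list before the scan loop runs.

    Order of the remaining types is preserved so scheduling is unchanged
    for everything that was not excluded.
    """
    excluded = excluded_project_types_from_cdxgen_args(cdxgen_args)
    return [pt for pt in project_types_list if pt.lower() not in excluded]


if __name__ == "__main__":
    # Constructed sample input mirroring the issue: yaml-manifest is excluded
    # through cdxgen args but was still detected by dep-scan.
    detected = ["python", "yaml-manifest", "docker"]
    args = "--exclude-type yaml-manifest --exclude-type=docker"
    print(filter_project_types(detected, args))
```

A flag with no value (for example `--exclude-type --deep`) contributes nothing rather than swallowing the next flag, which is the edge case the space-separated form needs to guard against.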

Development

Successfully merging this pull request may close these issues.

Bug: Exclude args being passed incorrectly to cdxgen