cyclonedx-core-java
Deserialization of SBOM defaults the metadata/timestamp
```java
public class Metadata extends ExtensibleElement {

    @JsonSerialize(using = CustomDateSerializer.class)
    @VersionFilter(versions = {"1.2", "1.3", "1.4"})
    private Date timestamp = new Date();
    // ...
}
```
This is useful (perhaps) when creating a new SBOM programmatically, to then be serialized. It is misleading when deserializing an existing SBOM without a timestamp where the current date/time may not be expected.
The fix would be to remove this initialization - however this does change existing behaviour.
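The behaviour reported above can be reproduced with plain Jackson data binding. This is an added example, not code from cyclonedx-core-java: `MetadataWithDefault`, `MetadataNoDefault` and `createNew()` are hypothetical stand-ins, the input is constructed, and jackson-databind is assumed to be on the classpath.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Date;

// Added illustration; the nested classes are hypothetical, not the project's own.
public class TimestampDefaultDemo {

    // Mirrors the pattern in the issue: the field initializer runs when Jackson
    // constructs the object, and nothing overwrites it if "timestamp" is absent.
    public static class MetadataWithDefault {
        public Date timestamp = new Date();
    }

    // Shape after removing the initializer: a missing timestamp stays null,
    // so a consumer can tell "not stated in the SBOM" from a real value.
    public static class MetadataNoDefault {
        public Date timestamp;

        // Hypothetical factory that keeps the convenience for newly built SBOMs.
        public static MetadataNoDefault createNew() {
            MetadataNoDefault m = new MetadataNoDefault();
            m.timestamp = new Date();
            return m;
        }
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        String json = "{}"; // constructed input: a metadata object with no timestamp

        MetadataWithDefault withDefault = mapper.readValue(json, MetadataWithDefault.class);
        MetadataNoDefault noDefault = mapper.readValue(json, MetadataNoDefault.class);

        // The first value is the parse-time clock reading and was never in the document.
        System.out.println("with initializer:     " + withDefault.timestamp);
        // The second value reflects the document: no timestamp was supplied.
        System.out.println("without initializer:  " + noDefault.timestamp);
        // New SBOMs built in code still get a creation time through the factory.
        System.out.println("created in code:      " + MetadataNoDefault.createNew().timestamp);
    }
}
```

Any tooling that relies on `metadata/timestamp` as provenance (for example, to judge how stale an SBOM is) would treat the first value as authentic, which is why distinguishing absent from present matters here.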