Pluses and spaces

[matt-phylum]

Overview

This PR escapes the plus sign character when emitting qualifiers into a PURL string. This avoids problems when parsing PURLs using packageurl-dotnet, packageurl-go, packageurl-java, packageurl-js, or packageurl-ruby, all of which incorrectly convert plus signs in qualifiers into spaces on read as if the qualifiers were x-www-form-urlencoded.

This PR does not fix the compatibility problem when parsing a PURL produced by packageurl-dotnet, packageurl-go, or packageurl-ruby, which incorrectly convert spaces to plus signs in qualifiers on write for the same reason. We can't tell what implementation generated the PURL so we can't tell whether it correctly implements the qualifier section of the spec or not.

This PR also does not fix the problem where packageurl-dotnet, packageurl-java, and packageurl-ruby incorrectly convert plus signs in other parts of the purl into spaces on read, or the problem where packageurl-dotnet and packageurl-ruby incorrectly convert spaces in other parts of the purl into plus signs on write. This is pretty clearly an implementation error because even if the qualifiers were x-www-form-urlencoded, the rest of the PURL is definitely not x-www-form-urlencoded.

Checklist

• Does this PR have an associated issue?
• Have you ensured that you have met the expected acceptance criteria?
• Have you created sufficient tests?

Issue

Ref #11