Fix STIX version detection from dicts #337

Merged
merged 3 commits into from
Feb 13, 2020

@chisholm chisholm commented Feb 7, 2020

Fixes #318.

In particular, 2.1 SCOs without the spec_version property ought to be correctly detected as 2.1 now. This is done based on the presence of an ID property, and that their type is in the 2.1 observable type mapping.

The functionality is factored out into a dedicated function. This allows reuse, including recursive reuse when detecting bundle spec version from the spec versions of its contents. Also added a unit test suite specifically for this capability.

Note that scanning bundle contents is not currently strictly necessary for determining bundle spec version: if spec_version is present => 2.0, else 2.1. This is trivially detectable. I thought maybe the original scan was intended for future-proofing, under the assumption that a 2.1+ bundle would never be allowed to hold SCOs of a version later than the bundle spec version. So I kept it. That implies that 2.1+ bundle spec version could be computed as the max of the spec versions of its contents, with a 2.1 minimum. In theory, maybe the correct conclusion is the bundle spec version is not less than the max contained object spec version (so could be a range of versions greater or equal), but we are currently only dealing with two versions, 2.0 and 2.1, and I think some of the bridges are best crossed when we come to them. (In fact, that may argue for not bothering with a scan at all at this point.)
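A sketch of the detection rules described in the comment above, as an added example that is not the pull request's code. `detect_spec_version`, `SCO_TYPES_21` and the sample objects are hypothetical names and constructed inputs, and the SCO type set is written out from the STIX 2.1 specification rather than taken from the library's observable mapping.

```python
# Added illustration; not code from the stix2 library.
# STIX 2.1 cyber-observable (SCO) type names, per the 2.1 specification.
SCO_TYPES_21 = frozenset({
    "artifact", "autonomous-system", "directory", "domain-name",
    "email-addr", "email-message", "file", "ipv4-addr", "ipv6-addr",
    "mac-addr", "mutex", "network-traffic", "process", "software", "url",
    "user-account", "windows-registry-key", "x509-certificate",
})


def _key(version):
    """Turn "2.1" into (2, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def detect_spec_version(obj):
    """Hypothetical helper: infer the STIX spec version of a parsed dict."""
    if "spec_version" in obj:
        # Explicit declaration: a 2.0 bundle, or a 2.1 object that sets it.
        return obj["spec_version"]
    if "id" not in obj:
        # Only 2.0 observables have no ID property.
        return "2.0"
    if obj.get("type") == "bundle":
        # No spec_version on a bundle means 2.1 or later: take the max over
        # the contents, with a 2.1 minimum (the recursive reuse in the PR).
        inner = [detect_spec_version(o) for o in obj.get("objects", [])]
        return max(["2.1", *inner], key=_key)
    if obj.get("type") in SCO_TYPES_21:
        # Has an ID, lacks spec_version, and is an observable type: 2.1 SCO.
        return "2.1"
    # Has an ID but is not a 2.1 SCO: a 2.0 SDO, SRO or marking.
    return "2.0"


# Constructed sample objects (identifiers are placeholders, not real data).
SCO_21 = {"type": "ipv4-addr", "id": "ipv4-addr--placeholder",
          "value": "198.51.100.7"}
SCO_20 = {"type": "ipv4-addr", "value": "198.51.100.7"}
SDO_20 = {"type": "indicator", "id": "indicator--placeholder"}
BUNDLE_20 = {"type": "bundle", "id": "bundle--placeholder",
             "spec_version": "2.0", "objects": [SDO_20]}
BUNDLE_21 = {"type": "bundle", "id": "bundle--placeholder",
             "objects": [SDO_20, SCO_21]}
```

The explicit `spec_version` value is taken at face value here, so a consumer that validates untrusted bundles should still check the object against the schema for the version it claims.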

without the spec_version property ought to be correctly detected
as 2.1 now.
pre-commit add-trailing-comma library.  Hopefully this satisfies
the travis tests for other versions of python!
@codecov-io

Codecov Report

Merging #337 into master will increase coverage by 0.04%.
The diff coverage is 100%.


@@            Coverage Diff             @@
##           master     #337      +/-   ##
==========================================
+ Coverage   98.12%   98.17%   +0.04%     
==========================================
  Files         123      124       +1     
  Lines       13839    14168     +329     
==========================================
+ Hits        13580    13909     +329     
  Misses        259      259

| Impacted Files | Coverage Δ | |
|---|---|---|
| stix2/core.py | 100% <100%> (ø) | ⬆️ |
| stix2/test/test_spec_version_detect.py | 100% <100%> (ø) | |
| stix2/test/v21/test_relationship.py | 100% <0%> (ø) | ⬆️ |
| stix2/test/v20/test_campaign.py | 100% <0%> (ø) | ⬆️ |
| stix2/test/v21/test_core.py | 100% <0%> (ø) | ⬆️ |
| stix2/test/v21/test_attack_pattern.py | 100% <0%> (ø) | ⬆️ |
| stix2/test/v21/test_custom.py | 100% <0%> (ø) | ⬆️ |
| stix2/test/v20/test_granular_markings.py | 100% <0%> (ø) | ⬆️ |
| stix2/test/v20/test_malware.py | 100% <0%> (ø) | ⬆️ |
| stix2/test/v20/test_report.py | 100% <0%> (ø) | ⬆️ |

... and 59 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c96b742...f86b6e8. Read the comment docs.


@clenk clenk left a comment


LGTM! Thanks, @chisholm.

@clenk clenk merged commit fdb00c4 into oasis-open:master Feb 13, 2020
@emmanvg emmanvg added this to the 1.3.1 milestone Feb 14, 2020
@chisholm chisholm deleted the improve_stix_version_detection branch February 25, 2020 22:06
@clenk clenk mentioned this pull request Mar 3, 2020
Successfully merging this pull request may close these issues.

version arg is not passed down with the call to parse in STIXObjectProperty.clean