Invalid JSON when NVD reference tags are missing #6243

@rddesmond

Describe the bug
In a recent PR, the logic was adjusted because the NVD data source may not include tags. This change allows for a trailing comma in a JSON map, which is invalid.

Version of dependency-check used
The problem occurs using version 9.0.3 of the CLI (and probably other distributions).

Log file

"references": [ {"source": "[email protected]","url": "https:\/\/lists.apache.org\/thread.html\/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E",}]

To Reproduce
Steps to reproduce the behavior:

  1. Scan software which has NVD NIST CVE reference links that are missing tags (see: NVD NIST CVE reference links are not rendered correctly in reports with 9.x when they are missing tags #6200)
  2. Enable the -f JSON report format.
  3. Observe the resulting document

Expected behavior
The JSON generated does not have a trailing space.

Additional context
See also: #6234 and #6205.

https://github.com/jeremylong/DependencyCheck/blob/main/core/src/main/resources/templates/jsonReport.vsl#L253-L258
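
A consumer-side check for the failure described in this issue, as an added example that is not part of the original report or of dependency-check's code: it strict-parses a report and, when parsing fails, returns the offsets of trailing commas that sit outside string literals. The sample documents and the names `find_trailing_commas` and `check_report` are constructed for illustration.

```python
import json

def find_trailing_commas(text):
    """Return offsets of commas that directly precede '}' or ']' outside strings."""
    hits = []
    in_string = False
    escaped = False
    pending = None  # offset of the last comma followed only by whitespace so far
    for i, ch in enumerate(text):
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
            pending = None
        elif ch == ",":
            pending = i
        elif ch in "}]":
            if pending is not None:
                hits.append(pending)
            pending = None
        elif not ch.isspace():
            pending = None
    return hits

def check_report(text):
    """Strict-parse a report; on failure, return trailing-comma offsets as a diagnosis."""
    try:
        json.loads(text)
        return True, []
    except json.JSONDecodeError:
        return False, find_trailing_commas(text)

# Constructed samples modelled on the fragment in this issue (values are placeholders).
# The URL deliberately contains ",}" to show that text inside strings is not flagged.
BROKEN = '{"references": [ {"source": "placeholder","url": "https:\\/\\/example.invalid\\/a,}",}]}'
VALID = '{"references": [ {"source": "placeholder","url": "https:\\/\\/example.invalid\\/a,}","tags": []}]}'

if __name__ == "__main__":
    for name, doc in (("broken", BROKEN), ("valid", VALID)):
        print(name, check_report(doc))
```

Running a check like this before a report is ingested keeps a malformed report from being dropped or partially parsed without notice by downstream tooling.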
