feat(go): construct dependencies in the parser

[knqyf263]

Description

The construction of the relationship between the root package and direct dependencies is now done by the SBOM package, etc. https://github.com/aquasecurity/trivy/blob/542a3808239e08a41087f8af531efe8762958f29/pkg/sbom/io/encode.go#L420-L462

However, since the logic has become complicated, it should be changed to be done on the analyzer side (strictly speaking, on the parser side) for the sake of simplification.

Related PRs

• https://github.com/aquasecurity/trivy/pull/7889

Checklist

• [x] I've read the guidelines for contributing to this repository.
• [x] I've followed the conventions in the PR title.
• [x] I've added tests that prove my fix is effective or that my feature works.
• [ ] I've updated the documentation with the relevant information (if needed).
• [ ] I've added usage information (if the PR introduces new options)
• [ ] I've included a "before" and "after" example to the description (if the PR is a user interface change).