axonops / axonops-workbench

AxonOps™ Workbench for Apache Cassandra® - Desktop application for Mac, Windows and Linux
https://axonops.com
Apache License 2.0

[feat]: Generate a Software Bill of Materials (SBOM) as part of the build process #457

Closed millerjp closed 4 days ago

millerjp commented 6 days ago

An SBOM is a detailed inventory of all components within a software application, including open-source libraries, third-party dependencies, licenses, and known vulnerabilities. It serves as a critical tool for managing software supply chain risks, ensuring compliance, and enhancing security.

It's becoming more common on desktop apps and we should adopt this to allow for easier use in enterprises that require an SBOM.

We should standardise on https://github.com/anchore/syft and use https://github.com/anchore/grype for the code scanning

Feedback from the team is that grype is identifying issues Sonar is missing.

The outputted SBOM should be added as a release artefact.
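One way to wire the three steps above (generate the SBOM with syft, scan it with grype, attach the SBOM to the release) into CI, as an added example rather than code from the axonops-workbench repository: a GitHub Actions workflow that runs on pull requests and on published releases. The workflow and job names, the output file names, the `high` severity cut-off and the trigger events are assumptions for illustration; the syft and grype install scripts and CLI flags are the tools' own.

```yaml
# Added example, not part of the axonops-workbench repository.
# Generates a CycloneDX and an SPDX SBOM with syft, gates the build on grype
# findings, and uploads the SBOMs as release assets when a release is published.
name: sbom

on:
  pull_request:
  release:
    types: [published]

permissions:
  contents: write   # only needed for the release-asset upload step

jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Official anchore install scripts. Append a release tag to each
      # "sh -s -- -b /usr/local/bin" line to pin the tool version so the
      # SBOM is reproducible from build to build.
      - name: Install syft and grype
        run: |
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \
            | sh -s -- -b /usr/local/bin
          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh \
            | sh -s -- -b /usr/local/bin

      # Catalogue the checked-out source (package.json / lock files etc.).
      # Two formats are written because enterprises ask for either.
      - name: Generate SBOM
        run: |
          syft dir:. \
            -o cyclonedx-json=sbom.cdx.json \
            -o spdx-json=sbom.spdx.json

      # Keep the SBOM as a workflow artifact even when the scan below fails,
      # so the failing build still leaves an inventory to investigate.
      - name: Upload SBOM as workflow artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: |
            sbom.cdx.json
            sbom.spdx.json

      # Scan the SBOM rather than the tree again, so the scan and the
      # published inventory describe exactly the same components.
      # --fail-on high makes the job fail on High or Critical findings
      # (severity threshold is an assumed policy value).
      - name: Scan SBOM with grype
        run: grype sbom:sbom.cdx.json --fail-on high

      # Attach the SBOMs to the GitHub release so they ship with the build.
      - name: Attach SBOM to release
        if: github.event_name == 'release'
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh release upload "${{ github.event.release.tag_name }}" \
            sbom.cdx.json sbom.spdx.json --clobber
```

Two points worth keeping in mind when adapting this: syft run against the source tree lists declared dependencies, so running it against the packaged desktop bundle (the directory produced by the build) gives an inventory closer to what is actually shipped; and grype's database is fetched at run time, so a `--fail-on` gate can start failing on a previously green commit when new advisories land, which is the intended behaviour but should be understood before it is made a required check.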

millerjp commented 6 days ago

We should also add this as a link in the info section (see #458).

digiserg commented 6 days ago

https://github.com/axonops/axonops-workbench-cassandra/actions/runs/11037417382/job/30658223143

First attempt. Not sure how this works, though.