Fix RPM missing checksum reporting

[brunoapimentel]

This patch fixes the property that is added to the SBOM component indicating that an RPM file had its checksum missing in a processed lockfile to point to the actual lockfile path, instead of the RPM filename.

Current behavior:

  {
    "name": "cachi2:missing_hash:in_file",
    "value": "gpm-1.20.7-44.fc39.src.rpm"
  }

Fixed behavior:

  {
    "name": "cachi2:missing_hash:in_file",
    "value": "rpms.lock.yaml"
  }

Maintainers will complete the following section

• [ ] Commit messages are descriptive enough
• [ ] Code coverage from testing does not decrease and new code is covered
• [ ] Docs updated (if applicable)
• [ ] Docs links in the code are still valid (if docs were updated)