FoD: Add command for downloading FPR

[rsenden]

Add fcli fod release download-fpr --scan-type <type> -f <file> or similar command.

[rsenden]

Rudimentary implementation in a918cda7d605127034f2cf300657f5f39df110ae.

To-do's:

• Add progress information/updates
• Handle situations where no FPR file is available for download (FoD returns HTTP 202 indefinitely, causing this command to hang)
• Decide on consistency with import-* commands; we currently have a single download-fpr command that accepts --scan-type option, whereas we have separate import-* commands for each scan type
• Does the endpoint always return an FPR file, even for OSS/Debricked results for example? If not, maybe we should rename to download-scan instead?
• Decide on polling interval; too short (like 5 seconds) causes rate limit error, too long will keep the user waiting for longer than necessary (also see #404; once we gracefully handle rate limits, we can potentially shorten the polling interval)

[rsenden]

For now, fcli will need to assume a 2-year retention period; if last scan date is older than 2 years, then fcli will need to throw an error instead of trying to invoke the download-fpr endpoint. Just to be sure, we may want to add a time-out option with an appropriate default value like 1 or 5 minutes, aborting the download operation with an error if FoD has been returning 202 responses for longer than the configured time-out.

Structuring of the commands is subject to ongoing discussion.

For OSS/SBOM, there are separate endpoints; download-fpr endpoints only support Static and Dynamic scan types.

[kadraman]

The check for last scan date has been added.

I also looked at adding a maxRetries check but is unclear what a suitable value would be as it seems if the FPR is not available it is generated/pulled from some sort of storage (which can take some time) but after that is more or less instantly available.