kubernetes-sigs / bom

A utility to generate SPDX-compliant Bill of Materials manifests
https://kubernetes-sigs.github.io/bom/
Apache License 2.0

upload sbom to a GitHub release #443

Open cpanato opened 1 month ago

cpanato commented 1 month ago

What type of PR is this?

/kind feature

What this PR does / why we need it:

example:

./output/bom-darwin-arm64 generate . -o github --github-release "cpanato/testing-ci-providers@v0.81.22"

/assign @puerco

I think this is a good starting point; let's discuss what you want to change to capture all your needs.

/hold

Which issue(s) this PR fixes:

Fixes #439

Special notes for your reviewer:

Does this PR introduce a user-facing change?

upload sbom to a GitHub release

k8s-ci-robot commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubernetes-sigs/bom/blob/main/OWNERS)~~ [cpanato]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

k8s-ci-robot commented 1 month ago

@cpanato: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| pull-bom-check-embedded-data | 9ea7feb1ee856f9ae965c12e285695f1bbece1a4 | link | true | `/test pull-bom-check-embedded-data` |
| pull-bom-verify | 9ea7feb1ee856f9ae965c12e285695f1bbece1a4 | link | true | `/test pull-bom-verify` |

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).