Add repo dependency ingester

[evankanderson]

Summary

Add a dedicate ingestion mode for repository dependencies which uses https://github.com/google/osv-scalibr to extract the dependencies from various lockfile and other dependency files in the repository.

See this design doc for the long term direction on dependency ingest; this is part of "stage 1" (but needs tests)

Change Type

Mark the type of change your PR introduces:

• [ ] Bug fix (resolves an issue without affecting existing features)
• [x] Feature (adds new functionality without breaking changes)
• [ ] Breaking change (may impact existing functionalities or require documentation updates)
• [ ] Documentation (updates or additions to documentation)
• [ ] Refactoring or test improvements (no bug fixes or new functionality)

Testing

Still work in progress... Feel free to pick this up and patch it in while I am out.

Review Checklist:

• [x] Reviewed my own code for quality and clarity.
• [ ] Added comments to complex or tricky code sections.
• [ ] Updated any affected documentation.
• [ ] Included tests that validate the fix or feature.
• [x] Checked that related changes are merged.

[coveralls]

coverage: 54.266% (-0.3%) from 54.525% when pulling c09e0a573873729420f4ea41b237b98751e6f07c on evankanderson:deps-ingest into a3fbb21d6fb159f69022f086dd82488ac7efd1ce on mindersec:main.