Generate and output sbom in GHA

[AndreKurait]

Description

Use Syft action to generate and output sbom alongside published artifacts. Added license identifier to created jars.

• Category: Enhancement
• Why these changes are required? Users expect software boms with artifacts
• What is the old behavior before changes and new behavior after changes?

Issues Resolved

Is this a backport? If so, please add backport PR # and/or commits #

Testing

Tested with GHA, see https://github.com/opensearch-project/opensearch-migrations/actions/runs/11713035148?pr=1121

Check List

• [ ] New functionality includes testing
  • [ ] All tests pass, including unit test, integration test and doctest
• [ ] New functionality has been documented
• [x] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 80.60%. Comparing base (c189ced) to head (acc368a). Report is 5 commits behind head on main.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #1121 +/- ## ============================================ + Coverage 80.51% 80.60% +0.09% - Complexity 2871 2914 +43 ============================================ Files 393 393 Lines 14554 14630 +76 Branches 1000 1007 +7 ============================================ + Hits 11718 11793 +75 + Misses 2229 2228 -1 - Partials 607 609 +2 ``` | [Flag](https://app.codecov.io/gh/opensearch-project/opensearch-migrations/pull/1121/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) | Coverage Δ | | |---|---|---| | [gradle-test](https://app.codecov.io/gh/opensearch-project/opensearch-migrations/pull/1121/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) | `78.72% <ø> (+0.12%)` | :arrow_up: | | [python-test](https://app.codecov.io/gh/opensearch-project/opensearch-migrations/pull/1121/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) | `90.33% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.