only produce `output_path` for the actually-used output

[raboof]

when creating the runtime sbom for the Gnome ISO with sbomnix $(nix-build nixos/release-combined.nix -A nixos.iso_gnome.x86_64-linux) on nixpkgs 0e74ca98a74bc7270d28838369593635a5db3260, the CycloneDX JSON output contains:

{
      "type": "application",
      "bom-ref": "/nix/store/vkx2srall0p9q68hm73zpwq9cmv8pmjg-qemu-host-cpu-only-8.2.1.drv",
      "name": "qemu-host-cpu-only",
      "version": "8.2.1",
      "purl": "pkg:nix/qemu-host-cpu-only@8.2.1",
      "cpe": "cpe:2.3:a:qemu-host-cpu-only:qemu-host-cpu-only:8.2.1:*:*:*:*:*:*:*",
      "description": "A generic and open source machine emulator and virtualizer",
      "licenses": [
        {
          "license": {
            "id": "GPL-2.0-or-later"
          }
        }
      ],
      "properties": [
        {
          "name": "nix:output_path",
          "value": "/nix/store/38nyj07s5k4l7dhnpjap5clqdgx3b38k-qemu-host-cpu-only-8.2.1-ga"
        },
        {
          "name": "nix:output_path",
          "value": "/nix/store/c7cw8hgpb1wks5f91ijkm1xv9nmp2zk8-qemu-host-cpu-only-8.2.1"
        },
        {
          "name": "nix:drv_path",
          "value": "/nix/store/vkx2srall0p9q68hm73zpwq9cmv8pmjg-qemu-host-cpu-only-8.2.1.drv"
        },
        {
          "name": "homepage",
          "value": "https://www.qemu.org/"
        }
      ]
    },

However, looking at the output of nix-store -q --tree $(nix-build nixos/release-combined.nix -A nixos.iso_gnome.x86_64-linux), I would expect only the /nix/store/38nyj07s5k4l7dhnpjap5clqdgx3b38k-qemu-host-cpu-only-8.2.1-ga output path and not /nix/store/c7cw8hgpb1wks5f91ijkm1xv9nmp2zk8-qemu-host-cpu-only-8.2.1

[henrirosten]

@raboof: Sorry for the radio silence and thanks for reporting this issue. I'll look into this ASAP.

[henrirosten]

This issue is fixed with: https://github.com/tiiuae/sbomnix/pull/109.

@raboof: let me know if you still see the problem.

[raboof]

Looks good at first sight, thanks!