Create artifact report type for SBOM files

Why are we doing this work

1 - Update gemnasium to output CycloneDX SBOMs (#350509 - closed) added support for outputting cyclonedx-<package-type>-<package-manager>.json files. These files are written automatically when the Dependency-Scanning.gitlab-ci.yml template is included, as implemented in Add CycloneDX reports to DS template (!80693 - merged).

The purpose of this issue is to create a new Artifact report for these CycloneDX SBOM files, using a structure similar to artifacts:reports:coverage_report, for example:

artifacts:
  reports:
    sbom:
      format: cyclonedx
      paths:
        - gl-sbom-*.cdx.json

Relevant link

This is part of a wider epic to add SBOM ingestion: &8024 (closed)

Non-functional requirements

  • Documentation: tbd
  • Feature flag: tbd
  • Performance: tbd
  • Testing: tbd

Proposal

Add an sbom report type so that sbom artifacts can be saved to the database and processed by a background worker.

Implementation Plan

  • (weight: 3) backend Update the following components to add an sbom report type
    • Ci::JobArtifact
    • EE::Ci::JobArtifact
    • EE::Ci::Build
    • Gitlab::Ci::Config::Entry::Reports
  • (weight: 3) update CI reports to add an sbom:format keyword (using coverage_report:coverage_format MR as a guide)
    • (weight: 3) backend add Gitlab::Ci::Config::Entry::Reports::Sbom to https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/config/entry/reports specifying the format and path keys
  • (weight: 2) documentation update report types documentation to add sbom https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html
  • (weight: 2) backend update json schema to include validation for the new report type
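As an added example that is not part of this issue or of GitLab's own code, the following standalone Ruby validator shows the checks the new Gitlab::Ci::Config::Entry::Reports::Sbom entry and the JSON schema are expected to enforce on the proposed artifacts:reports:sbom structure (format restricted to cyclonedx, paths a non-empty list of globs, no unknown keys). The module and method names are assumptions chosen for the example.

```ruby
require 'yaml'
# Illustrative validator for the proposed artifacts:reports:sbom entry.
# Assumption: this is example code, not GitLab's
# Gitlab::Ci::Config::Entry::Reports::Sbom class.
module SbomReportConfig
  ALLOWED_FORMATS = %w[cyclonedx].freeze
  ALLOWED_KEYS = %w[format paths].freeze

  # Returns an array of error strings; an empty array means the entry is valid.
  def self.validate(sbom)
    return ['sbom config should be a hash'] unless sbom.is_a?(Hash)
    errors = []
    unknown = sbom.keys.map(&:to_s) - ALLOWED_KEYS
    errors << "sbom config contains unknown keys: #{unknown.join(', ')}" unless unknown.empty?
    # format is restricted to the values the ingestion worker knows how to parse
    errors << "sbom format must be one of: #{ALLOWED_FORMATS.join(', ')}" unless ALLOWED_FORMATS.include?(sbom['format'])
    # paths must be a non-empty list of glob strings, like gl-sbom-*.cdx.json
    paths = sbom['paths']
    if !paths.is_a?(Array) || paths.empty? || paths.any? { |p| !p.is_a?(String) || p.strip.empty? }
      errors << 'sbom paths should be a non-empty array of strings'
    end
    errors
  end

  # Parses a job fragment from .gitlab-ci.yml and validates its reports:sbom entry.
  def self.validate_job_yaml(yaml_text)
    sbom = YAML.safe_load(yaml_text).dig('artifacts', 'reports', 'sbom')
    return ['artifacts:reports:sbom is missing'] if sbom.nil?
    validate(sbom)
  end
end

# Constructed samples: the structure proposed in this issue, and a broken variant.
VALID_JOB = <<~YAML
  artifacts:
    reports:
      sbom:
        format: cyclonedx
        paths:
          - gl-sbom-*.cdx.json
YAML
INVALID_JOB = <<~YAML
  artifacts:
    reports:
      sbom:
        format: spdx
        paths: gl-sbom-*.cdx.json
        when: always
YAML
```

Running validate_job_yaml(VALID_JOB) returns an empty array, while the invalid variant reports three errors (unknown key, unsupported format, paths not an array).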
Edited Aug 16, 2022 by Igor Frenkel