Add SBOM component fetchers

Why are we doing this work

To perform License Scanning as described in &9400 (closed), we need to list the SBOM components of a project branch or CI pipeline (before searching for their licenses).

Implementation Plan

  1. Add classes for fetching SBOM components:

    • Add a Gitlab::LicenseScanning::PipelineComponents class which takes a pipeline as input.
    • Add a Gitlab::LicenseScanning::BranchComponents class which takes a project and branch_ref as input.

    These classes fetch and parse the SBOM artifact from the pipeline and return an array of Hashie::Mash objects with the following fields:

    • name
    • version
    • purl_type
  2. Add tests for the new classes.
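
An illustration of the parsing step the classes above would perform, added here and not part of this issue or GitLab's code: it assumes the SBOM artifact is a CycloneDX JSON document (the `SAMPLE_SBOM` below is constructed), uses a plain `Struct` in place of `Hashie::Mash`, and derives `purl_type` from each component's `purl` rather than trusting a separate field.

```ruby
require 'json'

# Stand-in for Hashie::Mash: one SBOM component with the three fields the issue lists.
Component = Struct.new(:name, :version, :purl_type, keyword_init: true)

# Constructed CycloneDX SBOM standing in for the pipeline artifact (assumed format).
SAMPLE_SBOM = <<~JSON
  {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
      { "name": "rails", "version": "7.0.4", "purl": "pkg:gem/rails@7.0.4" },
      { "name": "@babel/core", "version": "7.21.0", "purl": "pkg:npm/%40babel/core@7.21.0" },
      { "name": "requests", "version": "2.28.1", "purl": "pkg:pypi/requests@2.28.1" },
      { "name": "unknown-lib", "version": "1.0.0" }
    ]
  }
JSON

# A purl has the shape "pkg:<type>/[<namespace>/]<name>@<version>"; the type is the
# segment between "pkg:" and the first "/". Returns nil when no purl is present,
# so a component without one is still listed but cannot be matched by ecosystem.
def purl_type(purl)
  return nil unless purl.is_a?(String)

  m = purl.match(%r{\Apkg:([a-z0-9.+-]+)/}i)
  m && m[1].downcase
end

# Parse the SBOM JSON and return an Array of Component structs.
# Refuses anything that does not declare itself as CycloneDX.
def parse_sbom_components(json)
  doc = JSON.parse(json)
  raise ArgumentError, 'not a CycloneDX SBOM' unless doc['bomFormat'] == 'CycloneDX'

  Array(doc['components']).map do |c|
    Component.new(name: c['name'], version: c['version'], purl_type: purl_type(c['purl']))
  end
end

if __FILE__ == $PROGRAM_NAME
  parse_sbom_components(SAMPLE_SBOM).each do |c|
    puts "#{c.purl_type.inspect}\t#{c.name}\t#{c.version}"
  end
end
```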

Edited by Adam Cohen