Group dependencies by project and location

Why are we doing this work

Currently the dependency list is only available on the project level. There it does not require any grouping by project and location, because each dependency is in a one-to-one relationship with its project and location. On the group level, each dependency can be associated with multiple projects and locations.

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

  • backend: DependencyEntity already expects name, version, packager and location. A projects attribute needs to be added, populated only on the group level (i.e., when a single project isn't available). Each project entry should expose full_path and name.
  • backend: the grouping can be performed between the ::Sbom::DependenciesFinder and ::DependencyListSerializer calls, as described in this issue. The main concern is the performance cost of fetching project and location information for each dependency.
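As an added illustration (not GitLab's code), the grouping step between the finder and the serializer could aggregate the per-occurrence rows into one entry per name/version/packager in a single pass, computing occurrence_count, project_count and the projects' full_path and name without a further query per dependency. The Occurrence struct and the sample rows below are constructed for this example.

```ruby
# Constructed example: one row per SBOM occurrence, as a finder might return them
# after eager-loading project and location (the struct and sample data are assumptions,
# not GitLab's actual models).
Occurrence = Struct.new(:name, :version, :packager, :location,
                        :project_id, :project_full_path, :project_name, keyword_init: true)

SAMPLE_OCCURRENCES = [
  Occurrence.new(name: "lodash", version: "4.17.21", packager: "npm", location: "package-lock.json",
                 project_id: 1, project_full_path: "group/app", project_name: "app"),
  Occurrence.new(name: "lodash", version: "4.17.21", packager: "npm", location: "ui/package-lock.json",
                 project_id: 1, project_full_path: "group/app", project_name: "app"),
  Occurrence.new(name: "lodash", version: "4.17.21", packager: "npm", location: "package-lock.json",
                 project_id: 2, project_full_path: "group/api", project_name: "api"),
  Occurrence.new(name: "rails", version: "7.0.8", packager: "bundler", location: "Gemfile.lock",
                 project_id: 2, project_full_path: "group/api", project_name: "api")
].freeze

# Groups occurrences by (name, version, packager) in one pass over the rows already loaded.
# Each resulting hash is shaped like the entity the serializer would receive:
# occurrence_count counts every location/project pair, project_count counts distinct
# projects, and projects lists each distinct project's full_path and name.
def group_dependencies(occurrences)
  grouped = occurrences.group_by { |o| [o.name, o.version, o.packager] }
  grouped.map do |(name, version, packager), rows|
    projects = rows.uniq(&:project_id)
                   .map { |r| { full_path: r.project_full_path, name: r.project_name } }
    {
      name: name,
      version: version,
      packager: packager,
      locations: rows.map { |r| { path: r.location, project_full_path: r.project_full_path } }.uniq,
      occurrence_count: rows.size,
      project_count: projects.size,
      projects: projects
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  group_dependencies(SAMPLE_OCCURRENCES).each do |d|
    puts "#{d[:name]}@#{d[:version]}: #{d[:occurrence_count]} occurrence(s) in #{d[:project_count]} project(s)"
  end
end
```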

Testing

  • Add appropriate feature specs
  • Review if an E2E spec needs to be added

Verification steps

  1. For context, go to this test group and click on Secure -> Dependency list. Note that this issue does not include the UI changes.
  2. Navigate to the dependencies.json endpoint and check if occurrence_count and project_count are present as part of the payload.
Edited by Zamir Martins