Add `shortest_path` and `introduced_by` fields when creating report with Gitlab::VulnerabilityScanning::SbomScanner

Proposal

As mentioned in !121607 (comment 1424908531), we should add the shortest_path and introduced_by fields so that the SbomScanner class reaches parity with what is produced by the gemnasium analyzer.

@fcatteau See https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/blob/029732900a81f48f11a8959bc70d0b617fd9fb0c/qa/expect/scala-sbt/default/gl-dependency-scanning-report.json#L68 for instance:

      "details": {
        "introduced_by_package": {
          "type": "text",
          "name": "Introduced by Package",
          "value": "org.apache.geode/geode-core:1.1.1"
        },
        "shortest_path": {
          "type": "list",
          "name": "Shortest Path",
          "items": [
            {
              "type": "text",
              "value": "org.apache.geode/geode-core:1.1.1"
            }
          ]
        },
        "vulnerable_package": {
          "type": "text",
          "name": "Vulnerable Package",
          "value": "com.fasterxml.jackson.core/jackson-databind:2.9.2"
        }
      }

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited Jun 14, 2023 by 🤖 GitLab Bot 🤖