[Spike] Add advisory data as part of SBOM occurrences

Why are we doing this work

Currently SBOM occurrences (group level and graphql) have no related advisory data. Similar to what has been done as part of this issue, the goal of this issue is to investigate and propose an approach in order to unify: (1) project-level rest API, (2) project-level graphql and (3) group-level rest API.

Relevant links

Non-functional requirements

• Documentation:
• Feature flag:
• Performance:
• Testing:

Implementation plan

Verification steps