Update parser functions to directly return a dependency graph
Why are we doing this work
We return a separate list of packages and dependencies when we analyze a project's dependencies. This has led to problems in the past where the lists can become out of sync, and requires us to have two conversions: one for dependency scanning reports and another for CycloneDX reports. We can simplify the process now that we don't require the dependency scanning reports, and remove the risk of out-of-sync package and dependency lists.
Relevant links
Continuation of &14484 (comment 2034496032)
Non-functional requirements
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
Verification steps
Edited by Oscar Tovar