Static Reachability: Merge the calculator and the matcher to one binary

Context

As a continuation of this MR we would like to use just one binary in the enrich-cdx-results step. In order for that to happen, we need to merge the sca-to-sarif-matcher project with the sbom-reachability-calculator.

DOD

The task is complete when we have one binary that accepts the GLAS_SCA.json file and SCA analyzer cdx file, and enriches the cdx file with the static reachability information according to the compiled artifact.

More specifically:

• We need to merge to two projects into one / use a git submodule strategy
• We might need to alter the CI flow to output one unified binary
• We should consider the writing of the sca.json file as it was used to propagate data between the two projects