[Backend] SBOM-based scans are excluded from security inventory
The newly introduced Security Inventory and its security analyzer indicators are currently ignoring SBOM-based dependency scanning. See this comment on the feedback issue.
The reason is that the job artifacts are defined as cyclonedx, while the post-processing currently only considers dependency_scanning as a valid report type for DS.
To fix this, we likely need to update the post-pipeline service to also include the missing cyclonedx type when matching artifacts to expected types for each scanner.
Edited by Gal Katz
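
The mismatch described above, as an added example that is not GitLab's code: a simplified model of matching job artifacts to the report types expected for each scanner, with the current mapping beside the corrected one. All constant, method and job names and the status values are assumptions, and the artifact list is constructed sample data.

```ruby
# Hypothetical model of the post-pipeline matching step; not GitLab's implementation.
require 'set'

# "Before": only dependency_scanning counts as a valid report type for DS.
EXPECTED_BEFORE = {
  dependency_scanning: Set[:dependency_scanning],
  sast: Set[:sast],
  secret_detection: Set[:secret_detection]
}.freeze

# "After": DS also accepts the cyclonedx report type emitted by SBOM-based scans.
EXPECTED_AFTER = EXPECTED_BEFORE.merge(
  dependency_scanning: Set[:dependency_scanning, :cyclonedx]
).freeze

# Constructed sample: artifacts of one pipeline (job name, report type, job status).
SAMPLE_ARTIFACTS = [
  { job: 'dependency-scanning', report_type: :cyclonedx, status: :success },
  { job: 'semgrep-sast', report_type: :sast, status: :success },
  { job: 'secret_detection', report_type: :secret_detection, status: :failed }
].freeze

# Returns { scanner => :success | :failed | :not_configured }.
def analyzer_statuses(artifacts, expected)
  expected.each_with_object({}) do |(scanner, types), result|
    matching = artifacts.select { |a| types.include?(a[:report_type]) }
    result[scanner] =
      if matching.empty? then :not_configured
      elsif matching.any? { |a| a[:status] == :success } then :success
      else :failed
      end
  end
end

# Report types present in the pipeline that no scanner claims.
# A non-empty result flags coverage gaps like the one in this issue.
def unclaimed_report_types(artifacts, expected)
  claimed = expected.values.reduce(Set.new, :|)
  artifacts.map { |a| a[:report_type] }.uniq.reject { |t| claimed.include?(t) }
end

puts "before: #{analyzer_statuses(SAMPLE_ARTIFACTS, EXPECTED_BEFORE)}"
puts "after:  #{analyzer_statuses(SAMPLE_ARTIFACTS, EXPECTED_AFTER)}"
puts "unclaimed before: #{unclaimed_report_types(SAMPLE_ARTIFACTS, EXPECTED_BEFORE)}"
```

With the first mapping the SBOM-based job is reported as not configured even though it ran successfully, which is the inventory gap described in this issue.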