Add invalid data handling to SBOM Dependency list export
Summary
We recently introduced a change to the SBOM (Software Bill of Materials) dependency list exports that replaced raising schema validation errors with logging. Previously, if we encountered invalid data, the schema validation error would be thrown and the export job would fail indefinitely. The change allows the job to complete, but the resulting report may have invalid data.
The primary cause of schema validation errors is likely the Unknown Licenses that are injected into the DB during ingestion, as they do not have a valid spdx_identifier.
We should remove the unknown licenses before exporting the report. We may need to monitor our logs to gain more information on other invalid data types and handle them as they come.
Relevant Links:
- discussion about updating the static spdx identifier list
- #563882 (comment 2771593843) (solution description)
Relates to #563882 (closed)
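
One way to implement the filtering step proposed in the summary, as an added example that is not the project's own code: the component hash shape, the `strip_invalid_licenses` helper name and the four-entry identifier set (standing in for the static SPDX identifier list) are assumptions.

```ruby
require 'set'
require 'logger'

# Constructed subset standing in for the static SPDX identifier list (assumption).
KNOWN_SPDX_IDS = Set.new(%w[MIT Apache-2.0 BSD-3-Clause GPL-3.0-only]).freeze

# Hypothetical helper: removes license entries whose spdx_identifier is not in
# the known list, so the exported report only carries schema-valid licenses.
# Returns [sanitized_components, dropped] and does not mutate the input.
def strip_invalid_licenses(components, known_ids: KNOWN_SPDX_IDS, logger: Logger.new($stderr))
  dropped = []
  sanitized = components.map do |component|
    valid, invalid = Array(component[:licenses]).partition do |license|
      known_ids.include?(license[:spdx_identifier])
    end
    invalid.each do |license|
      dropped << { component: component[:name], spdx_identifier: license[:spdx_identifier] }
    end
    component.merge(licenses: valid)
  end

  # One aggregated line per rejected identifier keeps the logs usable for
  # spotting other invalid values. #inspect escapes control characters, so
  # data that came from ingested files cannot forge extra log lines.
  dropped.group_by { |d| d[:spdx_identifier] }.each do |id, entries|
    logger.warn("sbom_export: dropped license spdx_identifier=#{id.inspect} count=#{entries.size}")
  end

  [sanitized, dropped]
end

# Constructed sample input; field names other than spdx_identifier are assumptions.
SAMPLE_COMPONENTS = [
  { name: 'rack', version: '3.0.8',
    licenses: [{ name: 'MIT', spdx_identifier: 'MIT' }] },
  { name: 'left-pad', version: '1.3.0',
    licenses: [{ name: 'Unknown', spdx_identifier: 'unknown' }] },
  { name: 'mixed', version: '0.1.0',
    licenses: [{ name: 'Apache', spdx_identifier: 'Apache-2.0' },
               { name: 'Unknown', spdx_identifier: nil }] },
  { name: 'no-licenses', version: '2.0.0' }
].freeze

if __FILE__ == $PROGRAM_NAME
  sanitized, = strip_invalid_licenses(SAMPLE_COMPONENTS)
  sanitized.each { |c| puts "#{c[:name]}: #{c[:licenses].map { |l| l[:spdx_identifier] }}" }
end
```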