Patch Dependency Export to be resillient against invalid record matches

Summary

The vulnerability export might sometimes error due to a timing issue. This can be worked around by trying the export again.

This happens because we have multiple databases, and foreign keys that cross from one database to another are eventually consistent with their cascades. When a project is deleted, the sbom_occurrences records that belong to that project are deleted some time later. If a dependency list export is done in the meantime, that export will error.

Proposed fix

The export should account for this case and check if the records point to a non-existent project. If so, those records should be filtered out of the export.