Security Review for GA lunch of Dependency Scanning using SBOM

Proposal

Based on the Generally Available criteria in https://docs.gitlab.com/policy/development_stages_support/#generally-available, a security review is required:

Must have a completed security review before moving to GA. Security review scope is determined by feature characteristics (customer-facing functionality, infrastructure impact, data access patterns). Features moving to GA with partially complete security reviews require E-Group approval.