Add namespace to sbom components

Igor Frenkel requested to merge 388780-sbom-store-component-namespace into master

What does this MR do and why?

Ingested sbom components do not currently include the namespace of a dependency (e.g. org.apache.tomcat in org.apache.tomcat/tomcat-catalina). This creates issues matching package metadata licenses and affected packages.

This MR does the following:

  • Adds purl_qualified_name to Gitlab::Ci::Reports::Sbom::Component which uses the purl object to get namespaces when they are provided.
  • Updates sbom report ingestion (via Sbom::Ingestion::OccurrenceMap) to use the above method as the name of the component.

There are 2 possible sources of name: (1) from the string name argument and (2) from the purl object argument. We have to support both because according to the specification name, type, and version are the only required attributes.

The attributes coming from the purl object come normalized.
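To make the two name sources concrete, here is an added example (not GitLab's code) with a minimal purl parser and a stand-in for the component class; the names `Purl`, `parse_purl` and `SbomComponent` are assumptions, and `purl_qualified_name` joins the purl namespace and name when a purl is present and otherwise falls back to the raw name argument.

```ruby
require 'uri'

# Added example: minimal purl parts; GitLab's own purl class is not reproduced.
Purl = Struct.new(:type, :namespace, :name, :version, keyword_init: true)

def pct_decode(segment)
  # purl segments are percent-encoded; keep a literal '+' (it is not a space here)
  URI.decode_www_form_component(segment.gsub('+', '%2B'))
end

# Parses pkg:type/namespace/name@version?qualifiers#subpath.
# The namespace may span several '/'-separated segments (e.g. golang paths),
# and the type is case-insensitive, so it is lowercased here as normalization.
def parse_purl(purl)
  raise ArgumentError, "not a purl: #{purl}" unless purl.start_with?('pkg:')

  rest = purl.delete_prefix('pkg:').split('#', 2).first.split('?', 2).first
  before, sep, version = rest.rpartition('@')
  rest = before unless sep.empty?
  version = nil if sep.empty?
  segments = rest.split('/').reject(&:empty?)
  type = segments.shift&.downcase
  name = segments.pop
  raise ArgumentError, "purl needs a type and a name: #{purl}" if type.nil? || name.nil?

  namespace = segments.empty? ? nil : segments.map { |s| pct_decode(s) }.join('/')
  Purl.new(type: type, namespace: namespace, name: pct_decode(name),
           version: version && pct_decode(version))
end

# Stand-in (assumed name) for Gitlab::Ci::Reports::Sbom::Component: the string
# name and the purl object are the two possible sources of the component name.
class SbomComponent
  attr_reader :name, :purl

  def initialize(name:, purl: nil)
    @name = name
    @purl = purl
  end

  # Namespace-qualified name from the purl when one is given, else the raw name.
  def purl_qualified_name
    return name if purl.nil?

    [purl.namespace, purl.name].compact.join('/')
  end
end
```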

Tradeoffs

An option here was to add a separate namespace column to the sbom_components table, but since purl is not a required field and namespace is an attribute that doesn't exist for every package type, this would be overkill, especially given that the tables involved are quite large.

How to set up and validate locally

Running the specs should be sufficient.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #388780 (closed)

Edited by Igor Frenkel