Move sbom ingestion under store scan reports

What does this MR do and why?

Move sbom ingestion under store scan reports as vulnerability findings are required as a dependency for sbom occurrences.

EE: true

Related issue: #426122 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.