Output CycloneDX reports

What does this MR do?

This MR adds support for outputting CycloneDX reports, for example:

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "serialNumber": "urn:uuid:b9b3a9a0-ff76-48f8-9064-436627f34adc",
  "version": 1,
  "metadata": {
    "timestamp": "2022-02-23T07:58:59Z",
    "tools": [
      {
        "vendor": "GitLab",
        "name": "Gemnasium",
        "version": "2.34.0"
      }
    ],
    "authors": [
      {
        "name": "GitLab",
        "email": "support@gitlab.com"
      }
    ],
    "properties": [
      {
        "name": "gitlab:input_file",
        "value": "ruby-project-1/Gemfile.lock"
      },
      {
        "name": "gitlab:package_manager",
        "value": "bundler"
      }
    ]
  },
  "components": [
    {
      "name": "coderay",
      "version": "1.1.0.rc2",
      "purl": "pkg:gem/coderay@1.1.0.rc2",
      "type": "library",
      "bom-ref": "pkg:gem/coderay@1.1.0.rc2"
    }
  ]
}

What are the relevant issue numbers?

gitlab-org/gitlab#350509 (closed)

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer