Export SBOM manifest file

Adam Cohen requested to merge 352199-export-isbom-archive into master

What does this MR do?

This MR adds support for outputting an sbom-manifest.json file which contains references to the generated SBOM files, as well as additional metadata, for example:

{
  "version": "0.0.1",
  "timestamp": "2022-04-04T11:05:48Z",
  "analyzer": {
    "id": "gemnasium",
    "version": "2.36.0"
  },
  "components": [
    {
      "project": {
        "path": "go-project"
      },
      "package_type": "go",
      "package_manager": "go",
      "language": "Go",
      "files": [
        {
          "type": "sbom",
          "path": "go-project/cyclonedx-go-go.json"
        },
        {
          "type": "input",
          "path": "go-project/go.sum"
        }
      ]
    },
    {
      "project": {
        "path": "ruby-project-2"
      },
      "package_type": "gem",
      "package_manager": "bundler",
      "language": "Ruby",
      "files": [
        {
          "type": "sbom",
          "path": "ruby-project-2/cyclonedx-gem-bundler.json"
        },
        {
          "type": "input",
          "path": "ruby-project-2/Gemfile.lock"
        }
      ]
    }
  ]
}
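A consumer-side parser for this manifest layout, added here as an example; it is not part of this MR or of the gemnasium code base, and the type names and the path check are my assumptions about how a downstream reader should treat the file. It takes the manifest from the description above as its sample input and refuses two things a reader should not act on: a file path that is absolute or resolves outside its component's project directory, and a component that lists no `sbom` file.

```go
package main
import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)
// Types mirror the sbom-manifest.json layout shown in the MR description (assumed names).
type ManifestFile struct {
	Type string `json:"type"` // "sbom" or "input"
	Path string `json:"path"` // relative to the scan root, e.g. "go-project/go.sum"
}
type Component struct {
	Project        struct{ Path string `json:"path"` } `json:"project"`
	PackageType    string         `json:"package_type"`
	PackageManager string         `json:"package_manager"`
	Language       string         `json:"language"`
	Files          []ManifestFile `json:"files"`
}
type Manifest struct {
	Version    string `json:"version"`
	Timestamp  string `json:"timestamp"`
	Analyzer   struct{ ID string `json:"id"`; Version string `json:"version"` } `json:"analyzer"`
	Components []Component `json:"components"`
}
// sampleManifest is the MR description's example, compacted onto three lines.
const sampleManifest = `{"version":"0.0.1","timestamp":"2022-04-04T11:05:48Z","analyzer":{"id":"gemnasium","version":"2.36.0"},"components":[
{"project":{"path":"go-project"},"package_type":"go","package_manager":"go","language":"Go","files":[{"type":"sbom","path":"go-project/cyclonedx-go-go.json"},{"type":"input","path":"go-project/go.sum"}]},
{"project":{"path":"ruby-project-2"},"package_type":"gem","package_manager":"bundler","language":"Ruby","files":[{"type":"sbom","path":"ruby-project-2/cyclonedx-gem-bundler.json"},{"type":"input","path":"ruby-project-2/Gemfile.lock"}]}]}`
// ParseManifest decodes a manifest and rejects entries a consumer should not act on: file paths
// that are absolute or resolve outside the component's project, and components with no "sbom" file.
func ParseManifest(data []byte) (*Manifest, error) {
	var m Manifest
	if err := json.Unmarshal(data, &m); err != nil {
		return nil, fmt.Errorf("invalid manifest JSON: %w", err)
	}
	for i, c := range m.Components {
		proj, hasSBOM := path.Clean(c.Project.Path), false
		for _, f := range c.Files {
			if path.IsAbs(f.Path) || !strings.HasPrefix(path.Clean(f.Path), proj+"/") {
				return nil, fmt.Errorf("component %d: file path %q leaves project %q", i, f.Path, proj)
			}
			hasSBOM = hasSBOM || f.Type == "sbom"
		}
		if !hasSBOM {
			return nil, fmt.Errorf("component %d (%s): no sbom file listed", i, proj)
		}
	}
	return &m, nil
}
```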

What are the relevant issue numbers?

Determine ISBOM manifest file structure (gitlab-org/gitlab#352199 - closed)

Does this MR meet the acceptance criteria?
