Introduce the sbt bom parser

What does this MR do?

The goal is to use sbt makeSbom instead of sbt dependencyDot for sbt projects with versions >= 1.1. For that purpose we add a new parser that can parse the generated report of sbt makeSbom command. The generated report is in XML format and an example can be seen in the fixtures added.

MR Stack

• Move SBT parser into dot directory (!555 - merged)
• Install sbt-bom plugin in docker images (!554 - closed)
• Introduce the sbt bom parser (!556 - merged) 👈
• Call sbt makeBom in case the plugin is compatible (!557 - closed)

What are the relevant issue numbers?

Gemnasium fails when running sbt dependencyDot:... (gitlab-org/gitlab#390287 - closed)

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer