Add jobs to generate image SBOM

Fabien Catteau requested to merge trivy-sbom into master

What does this MR do?

  • Add image sbom job that generates a SBOM for the default image, using Trivy.
  • Add image sbom fips that generates a SBOM for the -fips image when Dockerfile.fips exists.
  • Skip these jobs unless GENERATE_IMAGE_SBOM is set (opt-in).

What are the relevant issue numbers?

This was needed to do gitlab-org&7857 (closed).

Also, this can be considered as a PoC for Create CycloneDX report for container scanning (gitlab-org/gitlab#354446 - closed).

Testing

  • pipeline where GENERATE_IMAGE_SBOM isn't set,
    • There's no image sbom job.
    • There's no image sbom fips job.
  • pipeline where GENERATE_IMAGE_SBOM is set, and a repo with Dockerfile.fips,
    • image sbom job generates the SBOM for the default image, and it's named cyclonedx-image.json.
    • image sbom fips job generates the expected SBOM for the FIPS image, and it's named cyclonedx-image-fips.json.
Edited by Fabien Catteau
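The following .gitlab-ci.yml fragment is an added illustration of the job layout the MR describes (an opt-in SBOM job for the default image and a second one that only runs when Dockerfile.fips exists), written for this page and not taken from the MR itself. The Trivy image, the image tag scheme (`$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG`, with a `-fips` suffix for the FIPS image) and the stage name are assumptions; `GENERATE_IMAGE_SBOM` and the output file names come from the MR description, and `trivy image --format cyclonedx`, `TRIVY_USERNAME`/`TRIVY_PASSWORD` and `artifacts:reports:cyclonedx` are real Trivy and GitLab features.

```yaml
# Added example, not the MR's own code. Shared settings for both SBOM jobs.
.image-sbom-base:
  stage: test                      # assumed stage name
  image:
    name: aquasec/trivy:latest     # assumed; pin a specific version in a real pipeline
    entrypoint: [""]               # override the image entrypoint so `script` runs as-is
  variables:
    # Trivy reads these to authenticate against the container registry.
    TRIVY_USERNAME: $CI_REGISTRY_USER
    TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD
  script:
    # Produce a CycloneDX SBOM for the image named in IMAGE_TO_SCAN.
    - trivy image --format cyclonedx --output "$SBOM_FILE" "$IMAGE_TO_SCAN"

image sbom:
  extends: .image-sbom-base
  variables:
    IMAGE_TO_SCAN: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG   # assumed tag scheme
    SBOM_FILE: cyclonedx-image.json
  rules:
    # Opt-in: the job is skipped unless GENERATE_IMAGE_SBOM is set.
    - if: $GENERATE_IMAGE_SBOM
  artifacts:
    paths:
      - cyclonedx-image.json
    reports:
      # Lets GitLab ingest the SBOM as a CycloneDX report.
      cyclonedx: cyclonedx-image.json

image sbom fips:
  extends: .image-sbom-base
  variables:
    IMAGE_TO_SCAN: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-fips   # assumed tag scheme
    SBOM_FILE: cyclonedx-image-fips.json
  rules:
    # Both conditions must hold: the variable is set AND Dockerfile.fips exists.
    - if: $GENERATE_IMAGE_SBOM
      exists:
        - Dockerfile.fips
  artifacts:
    paths:
      - cyclonedx-image-fips.json
    reports:
      cyclonedx: cyclonedx-image-fips.json
```

Putting `if` and `exists` in a single rule entry makes them a conjunction, which is what the MR's "skip unless GENERATE_IMAGE_SBOM is set" plus "when Dockerfile.fips exists" behaviour needs; two separate rule entries would instead run the job when either condition holds.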
