scikit-learn-intelex - Test CVE-Bin-Tool for C/C++ repos (even if no binaries are released)

[rozhukov]

Need to evaluate https://github.com/intel/cve-bin-tool as a Software Composition Analysis (SCA) scanner for C/C++ repos (even if no binaries are released) to:

• Understand dependencies (SBOM)
• Figure out CVEs
• This is needed because Dependabot currently doesn't identify C/C++ dependencies.

[napetrov]

Seems that no other UXL projects have it enabled, should we request it from everyone and not limiting to scikit and oneCK? @rozhukov @rodburns @aahrun