Generate Software Bill of Materials (SBOM) in 1.1 release pipelines

[nlcamp]

Adds a SBOM generation task to each ADO pipeline that builds release bits. This includes libraries and executables contained in release builds of IoT Edge modules as well as IoT Edge Linux packages (i.e. the edgelet packages). The pipelines changed are:

1. images-release
2. metrics-collector-release

These changes were tested by running each of the above pipelines to confirm the SBOM task ran and generated the expected SBOM files. The Edgelet 1.1 release pipeline was also tested, but its changes were made through ADO and do not have a corresponding YAML file.

Azure IoT Edge PR checklist:

This checklist is used to make sure that common guidelines for a pull request are followed.

General Guidelines and Best Practices

• I have read the contribution guidelines.
• Title of the pull request is clear and informative.
• Description of the pull request includes a concise summary of the enhancement or bug fix.

Testing Guidelines

• Pull request includes test coverage for the included changes.
• Description of the pull request includes
  • concise summary of tests added/modified
  • local testing done.

Draft PRs

• Open the PR in Draft mode if it is:
  • Work in progress or not intended to be merged.
  • Encountering multiple pipeline failures and working on fixes.

Note: We use the kodiakhq bot to merge PRs once the necessary checks and approvals are in place. When it merges a PR, kodiakhq converts the PR title to the commit title, PR description to the commit description, and squashes all the commits in the PR to a single commit. The net effect is that entire PR becomes a single commit. Please follow the best practices mentioned here for the PR title and description