Upgrade Jenkins X repositories to support generating and store SBOMs

[osamamagdy]

We aim to enhance the supply chain security of Jenkins X by adding SBOM generation to the release pipeline of each jx binary.
The current procedure for this is to include two important steps from the documentation

This is the tentative list of repositories (the list will be updated if we find any missing repositories) that we should upgrade:

• jx-kubeclient - no other jx dependencies

• go-scm - no other jx dependencies

• logrus-stackdriver-formatter - no jx dependencies

• lighthouse
  go-scm

• jx-logging:
  logrus-stackdriver-formatter

• secretfacade
  jx-logging

• jx-api
  jx-logging

• jx-helpers
  github.com/jenkins-x/go-scm
  github.com/jenkins-x/jx-api
  github.com/jenkins-x/jx-kube-client
  github.com/jenkins-x/jx-logging

• jx-git-operator

• bdd-jx3

• jx-gitops

• jx-changelog

• jx-secret

• jx-admin

• jx-preview

• jx-promote

• jx-updatebot

• jx-scm

• jx-registry

• jx-slack

• jx-release-version

• jx-verify

• jx-application

NOTE: it's fine if you don't follow the order, the order is only there to limit the number of PRs we open as part of an upgraded effort

We will use this issue to keep track of which repositories have been upgraded.
If you are interested in contributing, please comment

I want to upgrade <repo-name>

When opening a PR in these repos to support SBOMs, remember to include

related to #<issue-number>

Don't use fixes as that will close this issue once ur PR is merged.
Once your PR is merged, comment on this issue:

<reponame> is supporting SBOM generation

If you encounter any issues when upgrading, please make a note of that issue and how you fixed it in this PR, so that it helps other contributors. Remember to comment back on the issue and fix it in this PR, so others can see it.

We will start working on this issue on Sep 6

[osamamagdy]

jx-git-operator is supporting SBOM generation

[osamamagdy]

jx-gitops has an error when trying to retrieve the SBOM with
oras pull ghcr.io/jenkins-x/jx-gitops:0.8.0-sbom the error is:
Error: failed to resolve path for writing: path traversal disallowed

[osamamagdy]

jx-admin has an empty SBOM generated on the OCI registry but the command oras pull ghcr.io/jenkins-x/jx-admin:0.2.0-sbom has no errors

[osamamagdy]

jx-promote has an empty SBOM generated on the OCI registry but the command oras pull ghcr.io/jenkins-x/jx-promote:0.4.2-sbom has no errors

[osamamagdy]

jx-slack has an error when trying to retrieve the SBOM with
oras pull ghcr.io/jenkins-x/jx-slack:0.2.0-sbom the error is:
Error: failed to resolve path for writing: path traversal disallowed

[osamamagdy]

jx-release-version has an error when trying to retrieve the SBOM with oras pull ghcr.io/jenkins-x/jx-release-version:2.6.0-sbom the error is:
Error: failed to resolve path for writing: path traversal disallowed

[osamamagdy]

jx-verify has an error when trying to retrieve the SBOM with oras pull ghcr.io/jenkins-x/jx-verify:0.3.0-sbom the error is:
Error: failed to resolve path for writing: path traversal disallowed

[osamamagdy]

jx-application has an error when trying to retrieve the SBOM with oras pull ghcr.io/jenkins-x/jx-application:0.3.0-sbom the error is:
Error: failed to resolve path for writing: path traversal disallowed