🤖 Add SBOM artifacts to CI pipelines

[mudler]

What this PR does / why we need it: This PR introduces generated images SBOM to our releases

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Part of #51

This PR introduces https://github.com/anchore/syft generating a SBOM which is attached at the end of the image build process. It also adds the SBOM to the uploaded artifacts (jobs and releases)

Example generated SBOM files: core-debian-v1.6.0-14-g193c740-dirty-sbom.s.zip

[netlify]

✅ Deploy Preview for kairos-io canceled.

Name	Link
🔨 Latest commit	08ecb29
🔍 Latest deploy log	https://app.netlify.com/sites/kairos-io/deploys/63ffc2b40852ea0008fa6ce3

[codecov-commenter]

Codecov Report

Merging #998 (08ecb29) into master (193c740) will not change coverage.
The diff coverage is n/a.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@           Coverage Diff           @@
##           master     #998   +/-   ##
=======================================
  Coverage   22.79%   22.79%           
=======================================
  Files          22       22           
  Lines        1610     1610           
=======================================
  Hits          367      367           
  Misses       1179     1179           
  Partials       64       64           

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[Itxaka]

lol

[Itxaka]

shouldnt it be ${VARIANT}-${FLAVOR}-${VERSION} ? Not sure if we ever change the variant but in case we do that would trickle down to the naming here as well.

[Itxaka]

small nit, feel free to ignore