Preserve package manifests to allow SBOM generation

[LaurentGoderre]

Description:

Package manifest for PHP and Javascript packages are being excluded from releases which make it difficult to generate SBOM for the release. Preserving them would make this much easier.

Review

• Functional review done
• Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
• Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
• Security review done
• Wording review done
• Code review done
• Tests were added if useful/possible
• Reviewed for breaking changes
• Developer changelog updated if needed
• Documentation added if needed
• Existing documentation updated if needed

[sgiehl]

Hey @LaurentGoderre. I understand the purpose of your PR, but we aim to keep our releases free of files that aren't needed. Most of those files are included in our repository, so if you need them, you may need to work with a Git checkout instead.

Or what could be even more interesting would be to generate some useful SBOM during a release and include the results in the release. If you are keen on helping to integrate something like that, let us know.

[github-actions]

If you don't want this PR to be closed automatically in 28 days then you need to assign the label 'Do not close'.

[sgiehl]

closing in favor of #22054