fix(sbom): enforce sbom-only version sources across docs surfaces

[castrojo]

Summary

• enforce SBOM as the single source of truth for kernel/GNOME/Mesa/Fedora across driver versions, images, and changelog version summaries
• keep NVIDIA as the explicit workaround path while removing release-body dependency for SBOM-backed fields
• fix SBOM digest/token correctness and add targeted tests for digest selection and stream derivation

Validation

• node --test scripts/fetch-github-sbom.test.js scripts/fetch-github-driver-versions.test.js
• npm run typecheck
• npm run build

Follow-up

• chore(deps-dev): bump @docusaurus/tsconfig from 3.6.3 to 3.7.0 #57 tracks remaining changelog summary metrics that still parse release HTML and should move to structured SBOM/firehose derivation

Assisted-by: Claude Sonnet 4.6 via GitHub Copilot
Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com

[gemini-code-assist]

Code Review

This pull request refactors the version fetching logic to prioritize SBOM data over regex-based parsing of release notes. It updates scripts to source Kernel, Mesa, and Fedora versions from SBOMs, improves GHCR token handling with expiry and retry logic, and adds unit tests for script utilities. Frontend components were also updated to import structured data directly. A review comment suggests using an atomic write pattern when saving driver version data to prevent potential file corruption.

[gemini-code-assist]

The script writes the driver versions data directly to the output file. To prevent data corruption or truncated files if the process is interrupted, it is recommended to use an atomic write pattern (writing to a temporary file and then renaming it), similar to the implementation in fetch-github-sbom.js.

Suggested change

	fs.writeFileSync(OUTPUT_FILE, JSON.stringify(output, null, 2), "utf-8");
	const tmpFile = OUTPUT_FILE + ".tmp";
	fs.writeFileSync(tmpFile, JSON.stringify(output, null, 2), "utf-8");
	fs.renameSync(tmpFile, OUTPUT_FILE);