
Add a bom.xml to all our operators #369

Closed
Tracked by #168
lfrancke opened this issue Apr 5, 2023 · 3 comments
lfrancke commented Apr 5, 2023

All our operators should contain a bom.xml and the CI should make sure that it's always up-to-date.

lfrancke commented Apr 5, 2023

For this to work we need Renovate to use a postUpgradeTask (https://docs.renovatebot.com/configuration-options/#postupgradetasks) in the renovate.json files from each operator.
This postUpgradeTask needs to install cargo-cyclonedx and then run it so the upgraded bom.xml is part of the final commit/PR.

Our Renovate job in Jenkins does not work for reasons we haven't been able to figure out, but it should be possible to test manually using this config https://github.com/stackabletech/ci/blob/main/renovate/config.js and the dryRun feature https://docs.renovatebot.com/self-hosted-configuration/#dryrun

We can probably somehow point renovate at a branch in the operator repositories as well so it's easier to test but that needs to be figured out.

@lfrancke lfrancke self-assigned this Apr 5, 2023
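The postUpgradeTasks setup described in the comment above, written out as an added example renovate.json (not a config from the Stackable repositories). It assumes that cargo-cyclonedx accepts a --format xml option and writes bom.xml into the crate directory; both are assumptions, so check them against the cargo-cyclonedx version you install.

```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:base"],
  "postUpgradeTasks": {
    "commands": [
      "cargo install cargo-cyclonedx",
      "cargo cyclonedx --format xml"
    ],
    "fileFilters": ["**/bom.xml"],
    "executionMode": "update"
  }
}
```

Renovate only runs post-upgrade commands that the self-hosted config explicitly allows, so the config.js used by the Jenkins job also needs an allowedPostUpgradeCommands list whose patterns match the two commands above; the fileFilters entry is what makes the regenerated bom.xml part of the Renovate commit.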
@soenkeliebau (Member) commented:
Configure renovate to check a different branch: https://docs.renovatebot.com/configuration-options/#basebranches

To execute renovate with the config you linked above you'll need to either supply a GitHub access token to your account or use the stacky mcstackface one from Bitwarden.

docker run --rm \
  --volume "/path/to/config.js:/usr/src/app/config.js" \
  --env RENOVATE_TOKEN="$GITHUB_TOKEN" \
  --env LOG_LEVEL=debug \
  renovate/renovate

@lfrancke (Member Author) commented:

We are doing this differently now.
As of stackabletech/docker-images#391 we are automatically creating an SBOM for all binaries we compile ourselves (Rust based) and include them in the Docker images automatically.

I'll close this issue as it's done (in spirit).
We will have follow-up tickets to do more things with those SBOMs (e.g. upload to Harbor, publish them separately on the homepage etc.)
