
For npm-ci builder SBOM is generated with "npm install" instead of "npm ci" #1197

@JacyKay

Description

  - MBT Version: using 1.3.34 (but it is not fixed in master yet, see `case "npm", "npm-ci", "grunt", "evo":`)
  - OS Version: Linux
  - If possible, provide a link to the project: https://github.wdf.sap.corp/EnterpriseThreatDetection/etd-cloud-approuter/blob/MD_027/mta.yaml

Steps to Reproduce:

  1. We are using the npm-ci builder in our mta.yml so that a clean install ("npm ci") is performed when generating the .mtar archive. This is working.
  2. Our pipeline uses the xmake plugin https://github.wdf.sap.corp/dtxmake/xmake-mta-plugin/blob/master/README.md, which then uses mbt to generate an SBOM file.
  3. But when the mbt tool generates the SBOM file, it calls "npm install" and not "npm ci": see `case "npm", "npm-ci", "grunt", "evo":`
  4. This leads to SBOM XML files that can contain other dependencies than we are actually using in our software, so that we cannot comply with product standard SLC-41: https://pages.github.tools.sap/product-standards/portal/docs/requirements/SoftwareLifecycle/SLC-41/?_highlight=sbom#sbom-upload

Please fix this bug.
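The drift the issue describes (an SBOM generated from an "npm install" tree listing packages or versions that the locked "npm ci" tree does not contain) can be caught in the pipeline by diffing the SBOM against package-lock.json. The following is an added example, not code from the issue reporter or from the mbt project: it parses a lockfileVersion 3 package-lock.json and a minimal CycloneDX XML SBOM and reports components present in one but not the other. Both inputs are constructed sample data embedded inline; the function names (lockedPackages, sbomComponents, diffSBOM) are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"encoding/xml"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample package-lock.json (lockfileVersion 3 layout): this is
// what "npm ci" installs exactly.
const sampleLock = `{
  "name": "approuter-demo",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "approuter-demo", "version": "1.0.0"},
    "node_modules/debug": {"version": "4.3.4"},
    "node_modules/ms": {"version": "2.1.2"},
    "node_modules/debug/node_modules/supports-color": {"version": "7.2.0"}
  }
}`

// Constructed CycloneDX SBOM as an "npm install" run might produce it after
// resolving a newer "ms" and pulling in an extra transitive package.
const sampleSBOM = `<?xml version="1.0"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components>
    <component type="library"><name>debug</name><version>4.3.4</version></component>
    <component type="library"><name>ms</name><version>2.1.3</version></component>
    <component type="library"><name>supports-color</name><version>7.2.0</version></component>
    <component type="library"><name>has-flag</name><version>4.0.0</version></component>
  </components>
</bom>`

type lockFile struct {
	Packages map[string]struct {
		Version string `json:"version"`
	} `json:"packages"`
}

type bom struct {
	Components []struct {
		Name    string `xml:"name"`
		Version string `xml:"version"`
	} `xml:"components>component"`
}

// lockedPackages returns the set of "name@version" entries installed by
// "npm ci", skipping the root project entry (key ""). The package name is
// the part after the last "node_modules/", which also handles nested and
// scoped packages (e.g. node_modules/@scope/name).
func lockedPackages(lockJSON string) (map[string]bool, error) {
	var lf lockFile
	if err := json.Unmarshal([]byte(lockJSON), &lf); err != nil {
		return nil, err
	}
	out := map[string]bool{}
	for path, p := range lf.Packages {
		idx := strings.LastIndex(path, "node_modules/")
		if path == "" || idx < 0 {
			continue
		}
		out[path[idx+len("node_modules/"):]+"@"+p.Version] = true
	}
	return out, nil
}

// sbomComponents returns the set of "name@version" entries listed in the
// CycloneDX SBOM.
func sbomComponents(bomXML string) (map[string]bool, error) {
	var b bom
	if err := xml.Unmarshal([]byte(bomXML), &b); err != nil {
		return nil, err
	}
	out := map[string]bool{}
	for _, c := range b.Components {
		out[c.Name+"@"+c.Version] = true
	}
	return out, nil
}

// diffSBOM reports components in the SBOM that are not in the lock file
// (extra) and locked packages the SBOM does not mention (missing). A clean
// SBOM produced from an "npm ci" tree yields two empty slices.
func diffSBOM(lockJSON, bomXML string) (extra, missing []string, err error) {
	locked, err := lockedPackages(lockJSON)
	if err != nil {
		return nil, nil, err
	}
	listed, err := sbomComponents(bomXML)
	if err != nil {
		return nil, nil, err
	}
	for k := range listed {
		if !locked[k] {
			extra = append(extra, k)
		}
	}
	for k := range locked {
		if !listed[k] {
			missing = append(missing, k)
		}
	}
	sort.Strings(extra)
	sort.Strings(missing)
	return extra, missing, nil
}

func main() {
	extra, missing, err := diffSBOM(sampleLock, sampleSBOM)
	if err != nil {
		panic(err)
	}
	fmt.Println("in SBOM but not in package-lock.json:", extra)
	fmt.Println("in package-lock.json but not in SBOM:", missing)
}
```

Running the example against the constructed inputs flags ms@2.1.3 and has-flag@4.0.0 as extra and ms@2.1.2 as missing, which is exactly the kind of mismatch an SBOM built from "npm install" rather than "npm ci" produces. In a real pipeline the two constants would be read from the build workspace, and a non-empty result would fail the SBOM upload step.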
