
feat: allow creation of SBOM for custom builder #1136

Open
OliverNocon wants to merge 8 commits into SAP:master from OliverNocon:sbom-custom

@OliverNocon
Member

Description

Allow creation of SBOMs also for custom builder.

Default for nodejs and java modules will be as per default of npm and java builder.

Custom configuration is possible.
It is currently anticipated via a new build parameter sbom-create-commands:

modules:
- name: test
  ...
  build-parameters:
    builder: custom
    commands:
      - ...
      - ...
    sbom-create-commands:
      - ...
      - ... -outputSBOM ${sbom-file-name}

${sbom-file-name} is the placeholder for the SBOM names, which are created on the fly.

Checklist

  • Code compiles correctly
  • Relevant tests were added (unit / contract / integration)
  • Relevant logs were added
  • Formatting and linting run locally successfully
  • All tests pass
  • UA review
  • Design is documented
  • Extended the README / documentation, if necessary
  • Open source is approved
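
A CI lint for the parameter proposed above, as an added example that is not part of this pull request or of mbt: it flags custom-builder modules that would end up without an SBOM. It assumes the semantics given in the description (the nodejs and java defaults are keyed on the module `type`, and output goes to `${sbom-file-name}`); the function name and the module names, types and commands in the sample are constructed.

```python
# Added example, not mbt code: lint an mta.yaml descriptor for SBOM coverage gaps.
PLACEHOLDER = "${sbom-file-name}"
# Assumption from the PR description: these module types fall back to builder defaults.
DEFAULTED_TYPES = {"nodejs", "java"}


def sbom_gaps(descriptor):
    """Return (module name, reason) for custom-builder modules likely to yield no SBOM."""
    gaps = []
    for module in descriptor.get("modules") or []:
        params = module.get("build-parameters") or {}
        if params.get("builder") != "custom":
            continue  # standard builders are out of scope for this check
        name = module.get("name", "<unnamed>")
        commands = params.get("sbom-create-commands") or []
        if not commands:
            if module.get("type") not in DEFAULTED_TYPES:
                gaps.append((name, "no sbom-create-commands and no default for this type"))
        elif not any(PLACEHOLDER in str(cmd) for cmd in commands):
            # Commands exist, but none writes to the file name generated by the build.
            gaps.append((name, "no command writes to " + PLACEHOLDER))
    return gaps


# Constructed sample: the structure a YAML parser would return for an mta.yaml.
SAMPLE = {
    "modules": [
        {"name": "api", "type": "nodejs",
         "build-parameters": {"builder": "custom", "commands": ["make api"]}},
        {"name": "worker", "type": "binary",
         "build-parameters": {"builder": "custom", "commands": ["make worker"]}},
        {"name": "router", "type": "binary",
         "build-parameters": {"builder": "custom", "commands": ["make router"],
                              "sbom-create-commands": ["make sbom"]}},
        {"name": "proxy", "type": "binary",
         "build-parameters": {"builder": "custom", "commands": ["make proxy"],
                              "sbom-create-commands": ["make sbom OUT=${sbom-file-name}"]}},
        {"name": "ui", "type": "html5", "build-parameters": {"builder": "npm"}},
    ]
}

if __name__ == "__main__":
    for name, reason in sbom_gaps(SAMPLE):
        print(f"{name}: {reason}")
```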

@silvestre
Member

silvestre commented Jul 23, 2025

Hi @offer8, @rimasirich,

we (a project in Cloud Foundry) use your Cloud MTA Build tool inside a Project Piper General Purpose Pipeline to build our MTAs.

We would very much like to have mbt during build create an SBOM for compliance reasons such as U.S. Executive Order 14028 and the EU Cyber Resilience Act (CRA).

Unfortunately we also have to rely on the custom builder to prepare our source for deployment.

The PR and its proposed sbom-create-commands extension would allow us to use both a custom builder and generate an SBOM.

Could you please consider supporting this PR so that we get this feature?

Thank you,
Silvestre

@OliverNocon OliverNocon marked this pull request as ready for review July 24, 2025 05:18
@OliverNocon
Member Author

Considering that this one is of value to others, I removed the draft status of the PR.
Would be great if you consider it since it will remove manual efforts from people who want / need to use sbom creation and cannot use the standard builders.

@o-liver
Copy link
Member

o-liver commented Feb 25, 2026

Could you rebase the branch and update it? Like this it cannot be merged. Looking at these changes makes me question if my PR on this topic would actually work at all: #1198
