Add support for Bun lockfile (bun.lock) #4617

@hnnynh

What would you like to be added:

Add support in Syft to parse bun.lock (Bun lockfile) and generate dependencies/SBOM from it.

Why is this needed:

Syft may miss packages or produce incomplete/inaccurate SBOMs for Bun-based projects. Supporting bun.lock would improve coverage and reliability of dependency detection in modern JS ecosystems.

Additional context:

  • Target file: bun.lock (Bun lockfile)
  • Expected behavior: detect direct + transitive dependencies resolved in the lockfile and include them in the generated SBOM
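The expected behavior above, sketched in Go (Syft's language) as an added example; it is not part of the issue and not Syft's code. It assumes Bun's text lockfile layout (JSON with trailing commas, a `workspaces` map of declared dependencies, and a `packages` map whose entries start with `"name@version"`); `ParseBunLock`, `Package` and the sample lockfile are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample; assumed layout: key -> ["name@version", registry, metadata, integrity].
const sampleLock = `{
  "workspaces": { "": { "dependencies": { "chalk": "^5.3.0" }, "devDependencies": { "@types/node": "^20.0.0" } }, },
  "packages": {
    "@types/node": ["@types/node@20.11.5", "", { "dependencies": { "undici-types": "~5.26.4" } }, "sha512-CONSTRUCTED"],
    "chalk": ["chalk@5.3.0", "", {}, "sha512-CONSTRUCTED"],
    "undici-types": ["undici-types@5.26.5", "", {}, "sha512-CONSTRUCTED"],
  },
}`

type Package struct {
	Name, Version string
	Direct        bool // declared by a workspace rather than pulled in transitively
}

// ParseBunLock returns every resolved package, keyed by its lockfile key.
func ParseBunLock(data []byte) (map[string]Package, error) {
	var lf struct {
		Workspaces map[string]struct{ Dependencies, DevDependencies map[string]string }
		Packages   map[string][]json.RawMessage
	}
	data = regexp.MustCompile(`,(\s*[}\]])`).ReplaceAll(data, []byte("$1")) // naive trailing-comma strip; ignores string contents
	if err := json.Unmarshal(data, &lf); err != nil {
		return nil, fmt.Errorf("bun.lock: %w", err)
	}
	out := map[string]Package{}
	for key, entry := range lf.Packages {
		var id string
		if len(entry) == 0 || json.Unmarshal(entry[0], &id) != nil || strings.LastIndex(id, "@") <= 0 {
			continue // skip entries without a usable "name@version" identifier
		}
		at := strings.LastIndex(id, "@") // last '@' keeps scoped names such as @types/node intact
		p := Package{Name: id[:at], Version: id[at+1:]}
		for _, ws := range lf.Workspaces {
			p.Direct = p.Direct || ws.Dependencies[key] != "" || ws.DevDependencies[key] != ""
		}
		out[key] = p
	}
	return out, nil
}

func main() { fmt.Println(ParseBunLock([]byte(sampleLock))) }
```

An SBOM built only from `package.json` would list `chalk` and `@types/node` but miss `undici-types`, which appears only in the lockfile.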

Metadata

  • Labels: enhancement (New feature or request)
  • Status: Ready