Merge branch 'develop' into mo/refactor/persistence-snapshot-reads

# Conflicts:
#	data/persistence/src/commonMain/kotlin/com/wire/kalium/persistence/dao/MetadataDAOImpl.kt
#	data/persistence/src/commonMain/kotlin/com/wire/kalium/persistence/db/UserDatabaseBuilder.kt

Author: MohamadJaara

.github/dependabot.yml

@@ -27,3 +27,16 @@ updates:
       interval: "weekly"
     commit-message:
       prefix: "chore(deps): [WPB-9777] "
+
+  # Pinned, hash-locked SBOM toolchain for scripts/generate-sbom.sh.
+  # Dependabot bumps the pins and regenerates the --hash lines automatically,
+  # so the lockfile stays current without losing supply-chain integrity.
+  - package-ecosystem: "pip"
+    open-pull-requests-limit: 2
+    directory: "/scripts"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 14
+    commit-message:
+      prefix: "chore(deps): [WPB-9777] "

README.md

@@ -66,6 +66,30 @@ Each GitHub release upload also includes a per-bundle SHA-256 manifest
 (`logic-android-aar-SHA256SUMS.txt` / `logic-kmp-SHA256SUMS.txt`) and a matching
 GitHub build provenance bundle (`*-provenance-bundle.json`).
 
+### Generating an SBOM
+
+For **file-level** license/notice
+scan of every third-party dependency (not just coordinates):
+
+```bash
+./scripts/generate-sbom.sh
+```
+
+The script runs the `:collectSbomArtifacts` Gradle task to materialise every
+runtime artifact (JVM jars, **unpacked** Android AARs, Kotlin/Native klibs,
+resolved npm packages from `kotlin-js-store`, and the prebuilt AVS native
+libs) under `build/sbom/artifacts/`, then drives
+[ScanCode-Toolkit](https://github.com/aboutcode-org/scancode-toolkit)
+(`extractcode` + `scancode`) to produce JSON, SPDX, CycloneDX, and HTML
+reports under `build/sbom/`.
+
+Scope is restricted to the licensable subset of modules: `:sample:*`,
+`:tools:*`, `:test:*`, and `:data:persistence-test` are excluded. Run on an
+**Apple Silicon Mac** to include iOS/macOS native dependencies; on other
+hosts those targets resolve empty and the SBOM will omit them.
+
+### CLI
+
 The `cli` can be executed on the terminal of any machine that 
 satisfies the dependencies mentioned above, and is capable of actions like:
 - Logging in