Fix error when validating SBoMs with licenses
What does this MR do and why?
Fixes: #387533 (closed)
cyclonedx_report.json was naively copied from https://github.com/CycloneDX/specification/blob/ef71717ae0ecb564c0b4c9536d6e9e57e35f2e69/schema/bom-1.4.schema.json.
This schema contains $ref references to other schema files that are present alongside it in the CycloneDX repository. When a license or signature is provided, JSONSchemer attempts to resolve those references and raises JSONSchemer::InvalidFileURI ("must use `file` scheme"), because the references are relative file names rather than file:// URIs.
This MR copies the contents of the referenced files into the main schema, so that JSONSchemer no longer attempts to resolve definitions from other files.
You can check that there are no longer any external definitions with: grep -E '"\$ref":\s*"[^#]' app/validators/json_schemas/cyclonedx_report.json
An empty result means every remaining $ref is a local (#/...) pointer.
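The inlining the MR does by hand, shown as an added, runnable example (this is not the MR's code, and the real edit was made directly to the JSON file): find every non-local $ref, copy the referenced document under definitions, rewrite the external refs and the copied document's own internal refs so everything resolves with a local JSON pointer, then prove it by resolving each pointer. The schemas below are constructed stand-ins that only mirror the shape of the two external references bom-1.4.schema.json makes (spdx.schema.json and jsf-0.82.schema.json); their bodies are not the real SPDX or JSF schemas, and json_schemer is deliberately not used so the script runs with the standard library alone.

```ruby
require 'json'

# Constructed sample schema (not the real bom-1.4.schema.json): it keeps only the
# shape that matters, two "$ref"s pointing at sibling files by relative file name.
MAIN_SCHEMA = JSON.parse(<<~SCHEMA)
  {
    "$schema": "http://json-schema.org/draft-07/schema#",
    "type": "object",
    "properties": {
      "components": { "type": "array", "items": { "$ref": "#/definitions/component" } }
    },
    "definitions": {
      "component": {
        "type": "object",
        "properties": {
          "licenses":  { "type": "array", "items": { "$ref": "spdx.schema.json" } },
          "signature": { "$ref": "jsf-0.82.schema.json#/definitions/signature" }
        }
      }
    }
  }
SCHEMA

# Constructed stand-ins for the referenced files, keyed by the name used in "$ref".
# The JSF stand-in has an internal "#/definitions/..." ref of its own, which must be
# rewritten when the document is moved under the main schema's definitions.
EXTERNAL_SCHEMAS = {
  'spdx.schema.json' => { 'enum' => ['MIT', 'Apache-2.0'] },
  'jsf-0.82.schema.json' => {
    'definitions' => {
      'signature' => {
        'type' => 'object',
        'required' => ['value'],
        'properties' => { 'value' => { '$ref' => '#/definitions/base64' } }
      },
      'base64' => { 'type' => 'string', 'pattern' => '^[A-Za-z0-9+/=]+$' }
    }
  }
}.freeze

def deep_copy(obj)
  JSON.parse(JSON.generate(obj))
end

# Yield every Hash that carries a "$ref" key, anywhere in the document.
def each_ref(node, &block)
  case node
  when Hash
    block.call(node) if node['$ref'].is_a?(String)
    node.each_value { |v| each_ref(v, &block) }
  when Array
    node.each { |v| each_ref(v, &block) }
  end
end

# Same question the grep in the MR description asks: which refs are not local?
def external_refs(schema)
  refs = []
  each_ref(schema) { |h| refs << h['$ref'] unless h['$ref'].start_with?('#') }
  refs.uniq
end

# "jsf-0.82.schema.json" -> "jsf-0.82": the key the copied document lives under.
def definition_key(file)
  File.basename(file).sub(/\.schema\.json\z/, '').sub(/\.json\z/, '')
end

# Return a new schema with every external document copied under definitions and
# every "$ref" rewritten to a local pointer. Raises KeyError if a referenced file
# was not supplied, rather than leaving a dangling pointer behind.
def inline_external_refs(schema, externals)
  schema = deep_copy(schema)
  schema['definitions'] ||= {}
  until (refs = external_refs(schema)).empty?
    refs.each do |ref|
      file = ref.split('#', 2).first
      key = definition_key(file)
      next if schema['definitions'].key?(key)
      raise KeyError, "no schema supplied for external reference #{file}" unless externals.key?(file)

      copy = deep_copy(externals[file])
      # The copied document's internal refs are relative to its old root; re-root them.
      each_ref(copy) do |h|
        h['$ref'] = "#/definitions/#{key}#{h['$ref'][1..]}" if h['$ref'].start_with?('#')
      end
      schema['definitions'][key] = copy
    end
    # "file.json#/a/b" -> "#/definitions/file/a/b"; "file.json" -> "#/definitions/file".
    each_ref(schema) do |h|
      next if h['$ref'].start_with?('#')
      file, fragment = h['$ref'].split('#', 2)
      h['$ref'] = "#/definitions/#{definition_key(file)}#{fragment}"
    end
  end
  schema
end

# Minimal JSON Pointer (RFC 6901) lookup for local "#/..." references.
def resolve_local_ref(schema, ref)
  raise ArgumentError, "not a local reference: #{ref}" unless ref.start_with?('#')
  tokens = ref[1..].split('/').drop(1) # "#/a/b" -> ["a", "b"], "#" -> []
  tokens.reduce(schema) do |node, token|
    token = token.gsub('~1', '/').gsub('~0', '~')
    case node
    when Hash  then node[token]
    when Array then token.match?(/\A\d+\z/) ? node[token.to_i] : nil
    end
  end
end

# True when every "$ref" in the document is local and points at a schema object.
def all_refs_resolve?(schema)
  refs = []
  each_ref(schema) { |h| refs << h['$ref'] }
  refs.all? { |r| r.start_with?('#') && resolve_local_ref(schema, r).is_a?(Hash) }
end

if __FILE__ == $PROGRAM_NAME
  puts "external refs before: #{external_refs(MAIN_SCHEMA).inspect}"
  inlined = inline_external_refs(MAIN_SCHEMA, EXTERNAL_SCHEMAS)
  puts "external refs after:  #{external_refs(inlined).inspect}"
  puts "all refs resolve:     #{all_refs_resolve?(inlined)}"
end
```

Two practical points follow from this. First, inlining pins the copied definitions to the upstream commit they were taken from, so the SPDX license list and the JSF signature schema will not pick up upstream changes until the file is re-synced; the grep above (or a check like external_refs above) is worth keeping so a later re-copy of bom-1.4.schema.json cannot quietly reintroduce an external $ref. Second, the function raises rather than rewriting a ref whose document was not supplied, because a dangling local pointer would fail later with a much less obvious error than the InvalidFileURI seen here.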
How to set up and validate locally
# Put the pre-MR schema from master back into the working tree
git checkout origin/master app/validators/json_schemas/cyclonedx_report.json
# Tests fail
bundle exec rspec spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb
# Restore the schema from this MR
git restore --staged app/validators/json_schemas/cyclonedx_report.json
git restore app/validators/json_schemas/cyclonedx_report.json
# Tests pass
bundle exec rspec spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb
Failure output:
Run options: include {:focus=>true}
All examples were filtered out; ignoring {:focus=>true}
Test environment set up in 6.379597 seconds
...FF......
Failures:
1) Gitlab::Ci::Parsers::Sbom::Validators::CyclonedxSchemaValidator when report has components when components have licenses is expected to be valid
Failure/Error: raw_errors.map { |error| JSONSchemer::Errors.pretty(error) }
JSONSchemer::InvalidFileURI:
must use `file` scheme
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:30:in `each'
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:30:in `map'
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:30:in `pretty_errors'
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:20:in `errors'
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:16:in `valid?'
# ./spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb:79:in `block (4 levels) in <top (required)>'
# ./spec/spec_helper.rb:415:in `block (3 levels) in <top (required)>'
# ./spec/support/sidekiq_middleware.rb:18:in `with_sidekiq_server_middleware'
# ./spec/spec_helper.rb:407:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:403:in `block (3 levels) in <top (required)>'
# ./lib/gitlab/application_context.rb:59:in `with_raw_context'
# ./spec/spec_helper.rb:403:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:239:in `block (2 levels) in <top (required)>'
# ./spec/support/system_exit_detected.rb:7:in `block (2 levels) in <main>'
# ./spec/support/database/prevent_cross_joins.rb:106:in `block (3 levels) in <main>'
# ./spec/support/database/prevent_cross_joins.rb:60:in `with_cross_joins_prevented'
# ./spec/support/database/prevent_cross_joins.rb:106:in `block (2 levels) in <main>'
2) Gitlab::Ci::Parsers::Sbom::Validators::CyclonedxSchemaValidator when report has components when components have a signature is expected to be valid
Failure/Error: raw_errors.map { |error| JSONSchemer::Errors.pretty(error) }
JSONSchemer::InvalidFileURI:
must use `file` scheme
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:30:in `each'
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:30:in `map'
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:30:in `pretty_errors'
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:20:in `errors'
# ./lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb:16:in `valid?'
# ./spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb:103:in `block (4 levels) in <top (required)>'
# ./spec/spec_helper.rb:415:in `block (3 levels) in <top (required)>'
# ./spec/support/sidekiq_middleware.rb:18:in `with_sidekiq_server_middleware'
# ./spec/spec_helper.rb:407:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:403:in `block (3 levels) in <top (required)>'
# ./lib/gitlab/application_context.rb:59:in `with_raw_context'
# ./spec/spec_helper.rb:403:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:239:in `block (2 levels) in <top (required)>'
# ./spec/support/system_exit_detected.rb:7:in `block (2 levels) in <main>'
# ./spec/support/database/prevent_cross_joins.rb:106:in `block (3 levels) in <main>'
# ./spec/support/database/prevent_cross_joins.rb:60:in `with_cross_joins_prevented'
# ./spec/support/database/prevent_cross_joins.rb:106:in `block (2 levels) in <main>'
Finished in 8.37 seconds (files took 13.87 seconds to load)
11 examples, 2 failures
Failed examples:
rspec ./spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb:79 # Gitlab::Ci::Parsers::Sbom::Validators::CyclonedxSchemaValidator when report has components when components have licenses is expected to be valid
rspec ./spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb:103 # Gitlab::Ci::Parsers::Sbom::Validators::CyclonedxSchemaValidator when report has components when components have a signature is expected to be valid
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.