Attach SBOM attestations to images

• Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA

What does this MR do?

Attach SBOM attestations to images

Software Bill of Materials (SBOM) attestations describe what software artifacts an image contains, and artifacts used to create the image.

This information is very useful for security purposes.

See: https://docs.docker.com/build/attestations/sbom/

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

• Tests added for this feature/bug