Generate SBOM

[martincostello]

Generate an SBOM for the build artifacts.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.23%. Comparing base (52844cc) to head (ad3b72b).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2640   +/-   ##
=======================================
  Coverage   96.23%   96.23%           
=======================================
  Files         311      311           
  Lines        7329     7329           
  Branches     1013     1013           
=======================================
  Hits         7053     7053           
  Misses        222      222           
  Partials       54       54           

Flag	Coverage Δ
linux	96.23% <ø> (ø)
macos	96.23% <ø> (ø)
windows	96.22% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Copilot]

Pull Request Overview

This PR integrates SBOM (Software Bill of Materials) generation into the existing build workflow to produce and optionally upload SPDX JSON artifacts for each OS matrix job.

• Adds a new step using anchore/sbom-action to generate SBOMs for build outputs.
• Configures per-OS artifact naming and conditional release asset upload.

Comments suppressed due to low confidence (1)

.github/workflows/build.yml:143

• The output-file path is constant across matrix runs and will be overwritten by each OS job. Consider parameterizing the filename (e.g., ./artifacts/build-${{ matrix.os_name }}.spdx.json) to match the artifact-name and avoid collisions.

        output-file: ./artifacts/build.spdx.json