breaking: Simplify SBOM result class [TAROT-3624] (#103)

The aim of this simplification is to be independent of the SBOM format itself at this point.

Downstream consumers decide if they want to unmarshal the SBOM (and how) based on it's format and spec version.

No scala tools are producing SBOMs, so none need to actually change. No scala tool is even using a version of this library that includes SBOMs.

However, golang tools can already produce SBOMs, so the [golang seed](https://github.com/codacy/codacy-engine-golang-seed/blob/master/result.go) needs to be updated.

`codacy-trivy` will also need to be updated to match the new format.

There will be a point when deploying new versions for worker and `codacy-trivy` when SBOM parsing will be broken but that is OK because:
- SBOM parsing failures do not result in analysis failures
- We only need SBOM parsing working during the night (SCA)

breaking: Support license expressions in SBOM [TAROT-3634] (#102)

Merge pull request #101 from codacy/propagate-source-CF-1820

feature: Add sourceId as optional field to Issue CF-1820

Update publish timeout (#97)

Update publish timeout (#97)

[CY-7528] Update sonatype release/ bump codacy sbt (#96)

bump: codacy-sbt (#95)

Merge pull request #94 from codacy/add_uv_lock_to_python

Since Trivy supports it, adding uv.lock file to Python

Bump: SBT version (#93)

fix: Make SBOM component licenses optional

This field might not exist in the tool SBOM result and it is better modeled as an Option.