
Add GitHub Workflow to Fetch and Upload Temurin SBOMs to DependencyTrack #4191


Draft
wants to merge 7 commits into base: master

Conversation

turquoise5

This adds a GitHub workflow that fetches SBOMs for Temurin JDK 21 from the Adoptium API and uploads them to Eclipse DependencyTrack. It limits releases to those up to the end of 2022, and uses a Python script in scripts/fetch_sbom.py to fetch SBOMs from the API and handle metadata generation.

Currently, the script:

  • Fetches SBOMs from the Adoptium API and saves them into structured folders by OS, architecture and version (according to the project hierarchy described in EPIC: Upload Temurin SBOMs to DependencyTrack #4182)
  • Generates a metadata.json file with projectName, projectVersion and file path to each SBOM
  • Uploads SBOMs and metadata as artifacts
  • Uses a matrix job to loop over each SBOM and call the reusable workflow eclipse-csi/workflows/.github/workflows/store-sbom-data.yml@main

To do:

  • We are still waiting on parentProject UUIDs for proper DependencyTrack hierarchy
  • Need to test with the UUIDs after we get them

fixes #4182
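The fetch-and-organise step described above, as an added illustration that is not the PR's scripts/fetch_sbom.py: it applies the end-of-2022 cut-off, writes each SBOM under an OS/architecture/version folder, and emits the metadata.json entries (projectName, projectVersion, path). The release shape (release_name, timestamp, binaries with os, architecture, sbom_link), the "temurin-<feature>-<os>-<arch>" project naming and the injected `fetch` callable are assumptions; the checks on folder names and on the downloaded document are what a reviewer would want before anything is forwarded to DependencyTrack.

```python
import json
import re
from datetime import datetime, timezone
from pathlib import Path

CUTOFF = datetime(2022, 12, 31, 23, 59, 59, tzinfo=timezone.utc)  # "up to the end of 2022"
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]*")  # allowed os / arch / version folder names


def safe_component(value: str) -> str:
    """Folder names come from API data; reject anything that could escape the SBOM tree."""
    if not SAFE_COMPONENT.fullmatch(value) or ".." in value:
        raise ValueError(f"unsafe path component: {value!r}")
    return value


def is_cyclonedx(payload: bytes) -> bool:
    """Accept only a JSON document that declares itself a CycloneDX BOM."""
    try:
        doc = json.loads(payload)
    except ValueError:
        return False
    return isinstance(doc, dict) and doc.get("bomFormat") == "CycloneDX" and "specVersion" in doc


def build_metadata(releases, fetch, base_dir: Path, feature: int = 21) -> list:
    """Save each qualifying SBOM under <os>/<arch>/<version>/ and describe it for metadata.json.

    `releases` uses an assumed API shape: release_name, timestamp, binaries[os, architecture, sbom_link].
    `fetch` maps a URL to bytes, so the function runs offline with a stand-in downloader.
    """
    entries = []
    for rel in releases:
        released = datetime.fromisoformat(rel["timestamp"].replace("Z", "+00:00"))
        if released > CUTOFF:
            continue  # the workflow only uploads releases up to the end of 2022
        version = safe_component(rel["release_name"])
        for binary in rel["binaries"]:
            if "sbom_link" not in binary:
                continue  # binary has no SBOM published
            os_name = safe_component(binary["os"])
            arch = safe_component(binary["architecture"])
            payload = fetch(binary["sbom_link"])
            if not is_cyclonedx(payload):
                continue  # never forward an unparseable or non-BOM document to DependencyTrack
            path = base_dir / os_name / arch / version / "sbom.json"
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(payload)
            entries.append({"projectName": f"temurin-{feature}-{os_name}-{arch}",  # assumed naming
                            "projectVersion": version, "path": str(path)})
    (base_dir / "metadata.json").write_text(json.dumps(entries, indent=2))
    return entries
```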

@github-actions github-actions bot added the testing Issues that enhance or fix our test suites label Jul 13, 2025

Thank you for creating a pull request!
If you have not done so already, please familiarise yourself with our Contributing Guidelines and FAQ, even if you have contributed to the Adoptium project before. GitHub actions will now run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation.

Labels
testing Issues that enhance or fix our test suites
Development

Successfully merging this pull request may close these issues.

EPIC: Upload Temurin SBOMs to DependencyTrack
1 participant