⭐️ SBOM pkg files

[chris-rock]

This changes works on top of #3313 and uses the new capability to include that data as evidence into the generated sbom file.

• Introduces a new cli option --with-evidence to display evidence when rendered on cli
• includes evidence in cyclone dx output and proto output

> cnquery sbom docker rockylinux:8.9 --with-evidences                                                                                                                                                                                                                                     
→ discover related assets for 1 asset(s)

 rockylinux:8.9 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%

rpm/acl/2.2.53
  /usr/bin/chacl
  /usr/bin/getfacl
  /usr/bin/setfacl
  /usr/lib/.build-id
  /usr/lib/.build-id/3a
  /usr/lib/.build-id/3a/699889d062bfe6ccb8d034c70a562d1a742ef6
  /usr/lib/.build-id/47
  /usr/lib/.build-id/47/afc7d8343ed36a9b49745c565deeb9fdfa2ed6
  /usr/lib/.build-id/c7
  /usr/lib/.build-id/c7/a03e175698b384f17d3a2e0c7c1ee96dd6fbc6
  /usr/share/licenses/acl
  /usr/share/licenses/acl/COPYING
  /usr/share/licenses/acl/COPYING.LGPL
  /usr/share/locale/de/LC_MESSAGES/acl.mo
  /usr/share/locale/en@boldquot/LC_MESSAGES/acl.mo
  /usr/share/locale/en@quot/LC_MESSAGES/acl.mo
  /usr/share/locale/es/LC_MESSAGES/acl.mo
  /usr/share/locale/fr/LC_MESSAGES/acl.mo
  /usr/share/locale/gl/LC_MESSAGES/acl.mo
  /usr/share/locale/pl/LC_MESSAGES/acl.mo
  /usr/share/locale/sv/LC_MESSAGES/acl.mo
  /usr/share/man/man1/chacl.1.gz
  /usr/share/man/man1/getfacl.1.gz
  /usr/share/man/man1/setfacl.1.gz
  /usr/share/man/man5/acl.5.gz
rpm/audit-libs/3.0.7
  /etc/libaudit.conf
  /usr/lib/.build-id
  /usr/lib/.build-id/b6
  /usr/lib/.build-id/b6/523cbf60c87a2b054a7d2568d6b2a338b3afea
  /usr/lib/.build-id/de
  /usr/lib/.build-id/de/b23d914b718debda277dc00e9f056920f83c28
  /usr/lib64/libaudit.so.1
  /usr/lib64/libaudit.so.1.0.0
  /usr/lib64/libauparse.so
  /usr/lib64/libauparse.so.0
  /usr/lib64/libauparse.so.0.0.0
  /usr/share/licenses/audit-libs
  /usr/share/licenses/audit-libs/lgpl-2.1.txt
  /usr/share/man/man5/libaudit.conf.5.gz

[github-actions]

Test Results

2 745 tests  ±0   2 744 ✅ ±0   46s ⏱️ -3s
  186 suites ±0       1 💤 ±0 
    5 files   ±0       0 ❌ ±0 

Results for commit 2709a20. ± Comparison against base commit f13dfc2.

This pull request removes 6 and adds 6 tests. Note that renamed tests count towards both.

go.mondoo.com/cnquery/v10/llx ‑ TestRawData_JSON/0001-01-01_00:00:00_+0000_UTC
go.mondoo.com/cnquery/v10/llx ‑ TestRawData_JSON/292277026596-12-04_15:30:07_+0000_UTC
go.mondoo.com/cnquery/v10/llx ‑ TestRawData_JSON/292277026596-12-04_15:30:09_+0000_UTC
go.mondoo.com/cnquery/v10/llx ‑ TestSuccess/2024-02-14_10:27:25.990481361_+0000_UTC_m=+0.009106256
go.mondoo.com/cnquery/v10/llx ‑ TestTruthy/2024-02-14_10:27:25.990481361_+0000_UTC_m=+0.009106256
go.mondoo.com/cnquery/v10/llx ‑ TestTruthy/2024-02-14_10:27:25.990481361_+0000_UTC_m=+0.009106256#01

go.mondoo.com/cnquery/v10/llx ‑ TestRawData_JSON/0001-01-01_00:53:28_+0053_LMT
go.mondoo.com/cnquery/v10/llx ‑ TestRawData_JSON/292277026596-12-04_16:23:37_+0053_LMT
go.mondoo.com/cnquery/v10/llx ‑ TestRawData_JSON/292277026596-12-04_16:30:07_+0100_CET
go.mondoo.com/cnquery/v10/llx ‑ TestSuccess/2024-02-14_11:51:20.462515947_+0100_CET_m=+0.013459540
go.mondoo.com/cnquery/v10/llx ‑ TestTruthy/2024-02-14_11:51:20.462515947_+0100_CET_m=+0.013459540
go.mondoo.com/cnquery/v10/llx ‑ TestTruthy/2024-02-14_11:51:20.462515947_+0100_CET_m=+0.013459540#01

♻️ This comment has been updated with latest results.

[czunker]

Works as described:

cnquery sbom container image ubuntu:22.04 --with-evidences                                                                                                   ✔ │ 07:56:42 
→ This command is experimental. Please report any issues to https://github.com/mondoohq/cnquery.
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source default
→ discover related assets for 1 asset(s)

 ubuntu:22.04@27941809078c ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%


deb/adduser/3.118ubuntu5
deb/apt/2.4.5
  /.
  /etc
  /etc/apt
  /etc/apt/apt.conf.d
  /etc/apt/apt.conf.d/01-vendor-ubuntu
  /etc/apt/apt.conf.d/01autoremove
....