
fix: warn about and ignore duplicate entries in SBOMs

Open G-Rath opened this issue 1 year ago • 1 comments

Branched off of #1288


While from what I understand duplicates should not be possible in a valid SBOM, apparently they happen and it's useful for us to report + skip them.

Since doing this efficiently requires use of a map, we in turn have to sort the packages to ensure a consistent output order, leading to me discovering that we're not already sorting the packages - I've opened #1288 to land that change first.

Resolves #330

G-Rath avatar Sep 30 '24 20:09 G-Rath
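
Added example, not code from this pull request or from osv-scanner: a minimal Go sketch of the approach the description outlines, counting entries in a map, warning about and skipping repeats, then sorting because Go randomizes map iteration order. The `Package` type, the `DedupePackages` function, the warning wording and the use of the PURL as the identity key are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Package is a hypothetical, simplified SBOM component entry.
type Package struct {
	PURL string // assumed identity key for spotting duplicates
}

// DedupePackages drops repeated entries and returns the unique packages plus
// one warning per duplicated PURL. Go randomizes map iteration order, so both
// slices are sorted before returning to keep output stable between runs.
func DedupePackages(pkgs []Package) ([]Package, []string) {
	counts := make(map[string]int, len(pkgs))
	for _, p := range pkgs {
		counts[p.PURL]++
	}

	unique := make([]Package, 0, len(counts))
	warnings := []string{}
	for purl, n := range counts {
		unique = append(unique, Package{PURL: purl})
		if n > 1 {
			warnings = append(warnings,
				fmt.Sprintf("warning: %s appears %d times in SBOM, keeping one entry", purl, n))
		}
	}

	sort.Slice(unique, func(i, j int) bool { return unique[i].PURL < unique[j].PURL })
	sort.Strings(warnings)
	return unique, warnings
}

func main() {
	// Constructed sample input, not taken from a real SBOM.
	pkgs := []Package{
		{PURL: "pkg:npm/lodash@4.17.21"},
		{PURL: "pkg:golang/github.com/example/mod@v1.2.0"},
		{PURL: "pkg:npm/lodash@4.17.21"},
	}
	unique, warnings := DedupePackages(pkgs)
	for _, w := range warnings {
		fmt.Println(w)
	}
	for _, p := range unique {
		fmt.Println(p.PURL)
	}
}
```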

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 68.47%. Comparing base (b14f6c7) to head (b0ad3a3). Report is 469 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1289      +/-   ##
==========================================
- Coverage   68.47%   68.47%   -0.01%     
==========================================
  Files         175      175              
  Lines       16832    16840       +8     
==========================================
+ Hits        11526    11531       +5     
- Misses       4679     4681       +2     
- Partials      627      628       +1     


codecov-commenter avatar Sep 30 '24 20:09 codecov-commenter