Export scan results in a form Sonatype CLM / Nexus IQ can consume

[raboof]

Apparently they can ingest SBOMs with vulnerability information, which we might be able to semi-easily generate:

• https://discourse.nixos.org/t/scanning-nix-packages-with-sonatype-nexus-iq-clm-scan-tool/35583/4
• https://help.sonatype.com/iqserver/automating/rest-apis/third-party-scan-rest-api---v2#ThirdPartyScanRESTAPIv2-Step2

(definitely not for the initial milestone though)