anchore-engine
Save syft sbom post image analysis
Currently the syft SBOM is transformed into legacy analyzer records and the raw SBOM is thrown away. Save the syft output in the analysis manifest document, so that the policy engine can retrieve the SBOM and submit it to grype for vulnerability matching. The transformation of the syft SBOM into the legacy analysis manifest may be lossy, i.e., the syft SBOM holds more information than the legacy manifest captures, so using the syft SBOM directly with grype has a better chance of finding more vulnerabilities. Hints may also need to be processed over the syft SBOM.
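The following is an added illustration of the point above, not code from anchore-engine, syft or grype. It uses a constructed document in the rough shape of syft JSON output, a hypothetical `to_legacy_records` transformation that keeps only name, version and type (a stand-in for the real legacy record format), and an assumed `syft_sbom` key in the analysis manifest. It shows which artifact fields a lossy transformation would discard and how keeping the raw document lets the policy engine recover the full SBOM for matching.

```python
import json

# Constructed sample in the shape of a syft JSON document (not real syft
# output; only the handful of fields this example needs).
SYFT_SBOM = {
    "artifacts": [
        {
            "name": "openssl",
            "version": "1.1.1k-r0",
            "type": "apk",
            "purl": "pkg:apk/alpine/openssl@1.1.1k-r0?arch=x86_64",
            "cpes": ["cpe:2.3:a:openssl:openssl:1.1.1k-r0:*:*:*:*:*:*:*"],
            "locations": [{"path": "/lib/apk/db/installed"}],
        },
        {
            "name": "requests",
            "version": "2.25.1",
            "type": "python",
            "purl": "pkg:pypi/requests@2.25.1",
            "cpes": [],
            "locations": [{"path": "/usr/lib/python3.9/site-packages/requests-2.25.1.dist-info/METADATA"}],
        },
    ],
    "distro": {"name": "alpine", "version": "3.13.5"},
}

# Hypothetical: the only per-artifact fields the legacy analyzer records carry.
LEGACY_FIELDS = ("name", "version", "type")


def to_legacy_records(sbom):
    """Lossy transformation: keep only the legacy fields of each artifact."""
    return [{k: art[k] for k in LEGACY_FIELDS} for art in sbom["artifacts"]]


def dropped_fields(sbom):
    """Artifact fields present in the syft document but absent from legacy records."""
    dropped = set()
    for art in sbom["artifacts"]:
        dropped.update(k for k in art if k not in LEGACY_FIELDS)
    return sorted(dropped)


def legacy_only_manifest(sbom):
    """Manifest as described in the issue today: legacy records only, raw SBOM gone."""
    return {"analyzer_records": to_legacy_records(sbom)}


def build_analysis_manifest(sbom):
    """Proposed manifest: legacy records plus the raw syft document, stored
    as a JSON string under the assumed key 'syft_sbom'."""
    return {
        "analyzer_records": to_legacy_records(sbom),
        "syft_sbom": json.dumps(sbom, sort_keys=True),
    }


def get_syft_sbom(manifest):
    """What the policy engine would pull from the manifest to hand to grype.
    Returns None when the manifest predates this change."""
    raw = manifest.get("syft_sbom")
    return json.loads(raw) if raw is not None else None


if __name__ == "__main__":
    print("fields lost by legacy transformation:", dropped_fields(SYFT_SBOM))
    manifest = build_analysis_manifest(SYFT_SBOM)
    print("raw SBOM recoverable:", get_syft_sbom(manifest) == SYFT_SBOM)
    print("legacy-only manifest has SBOM:", get_syft_sbom(legacy_only_manifest(SYFT_SBOM)) is not None)
```

Grype matches on identifiers such as purl and CPE; in this toy transformation those are exactly the fields that do not survive into the legacy records, which is why the round trip through `build_analysis_manifest` and `get_syft_sbom` matters.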