Introduce a toolchain for sbom generation and manipulation.

[TheGrizzlyDev]

This toolchain must support arbitrary opaque internal formats and allow for a last stage translation into whatever final SBOM format the user wants to use (eg: SPDX, CycloneDX, ...). The default toolchain is only for demonstration purposes at the moment and only allows creating SPDX SBOMs with no additional manipulations.

This PR should not change any underlying behaviour, but rather only make the SBOM behaviour modifiable by users.