UNCLASSIFIED - NO CUI

Move SBOM stage

Background

SBOM stage needs to be before the scanners. The "diff" does not need to happen yet.

The SBOM job can continue to use syft if that is significantly faster than an Anchore scan. However, I think Anchore 4.0 can generate a (syft?) SBOM itself. If there is any way to use Anchore (APIs? anchorectl?) to generate the SBOM, that might make sense.

Just leave it as syft for now, probably. Move the job to a new stage that runs before Scan.

Acceptance Criteria

  • Anchore SBOM generation has been moved to post-build stage
  • Harbor job picks up the SBOM artifacts
  • S3 job picks up the SBOM artifacts
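As an added illustration (not the project's pipeline), a reduced `.gitlab-ci.yml` showing the shape of the change: the syft SBOM job in its own stage after build and before scan, with the Harbor and S3 jobs declaring `needs:` on it so GitLab downloads the SBOM artifact into their workspace. Stage names, job names, image references and the output filename are assumptions.

```yaml
# Added example, not the project's own pipeline. Stage/job names, the image
# reference and the SBOM filename are assumptions.
stages:
  - build
  - post-build   # SBOM generation runs here, ahead of the scanners
  - scan
  - publish

build-image:
  stage: build
  script:
    - echo "build and push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"   # placeholder build step

sbom:
  stage: post-build
  needs: ["build-image"]
  script:
    # syft writes a CycloneDX JSON SBOM for the freshly built image; no diff step yet
    - syft "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" -o cyclonedx-json > sbom.cdx.json
  artifacts:
    paths:
      - sbom.cdx.json
    expire_in: 1 week

anchore-scan:
  stage: scan
  needs: ["build-image"]
  script:
    - echo "vulnerability scanners run here, after the SBOM already exists"

harbor-push:
  stage: publish
  needs: ["sbom", "anchore-scan"]   # needs: pulls sbom.cdx.json into this job
  script:
    - ls -l sbom.cdx.json
    - echo "attach sbom.cdx.json to the image in Harbor (placeholder)"

s3-upload:
  stage: publish
  needs: ["sbom", "anchore-scan"]
  script:
    - ls -l sbom.cdx.json
    - echo "upload sbom.cdx.json to the SBOM bucket in S3 (placeholder)"
```

Because `needs:` downloads artifacts from the listed jobs by default, both publish jobs see the same `sbom.cdx.json` that the scanners could also consume if a diff is added later.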

Definition of Done

  • Successful master branch pipeline run in staging
Edited by David Freeman