Add support for fetching SBOMs

[vandanrohatgi]

Closes #2864

Adds support for fetching Software Bill of materials (SBOM) for a repository.

• go generate
• go test
• go vet

[codecov]

Codecov Report

Merging #2869 (c48702b) into master (3ecf12c) will decrease coverage by 0.02%.
Report is 8 commits behind head on master.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #2869      +/-   ##
==========================================
- Coverage   98.07%   98.06%   -0.02%     
==========================================
  Files         139      140       +1     
  Lines       12348    12269      -79     
==========================================
- Hits        12110    12031      -79     
  Misses        162      162              
  Partials       76       76              

Files Changed	Coverage Δ
github/dependency_graph.go	100.00% <100.00%> (ø)
github/github.go	97.97% <100.00%> (+<0.01%)	⬆️

... and 6 files with indirect coverage changes

[gmlewis]

Thank you, @vandanrohatgi !
Just a couple minor comment nits, please, that I apparently missed the first time
before we await a second LGTM+Approval from any other contributor to this repo before merging.

[vandanrohatgi]

Thank you so much for the valuable feedback @gmlewis ! Learned a lot. Though I feel I only increased your workload rather than contributing :)

[gmlewis]

Thank you so much for the valuable feedback @gmlewis ! Learned a lot. Though I feel I only increased your workload rather than contributing :)

No, not at all, @vandanrohatgi ! Your contributions are appreciated more than you know!
I couldn't maintain this repo without the help of wonderful contributors like yourself.

[gmlewis]

Thank you, @vandanrohatgi !
LGTM.

Awaiting second LGTM+Approval from any other contributor to this repo before merging.

[gmlewis]

@Parker77 - do you have time for a code review, please?

[Parker77]

LGTM!

[gmlewis]

Thank you, @Parker77 !
Merging.