Commits

Juris Lambda authored 04849fa0596
[DEV-2552] added targets for generating SBOMs for the Go agent

The convenience target is 'sbom', which depends on the 'sbom.json' target. An 'sbom.xml' target is also available for generating an SBOM in XML format. Both targets explicitly specify the 1.4 version of the CycloneDX SBOM specification.

The '-assert-licenses' flag is necessary to promote the found licenses to the actual license section of the SBOM, as otherwise they're left in the 'evidence' section and are considered only as guesses. We do this because we use these SBOMs with Dependency-Track, which only relies on the license section of the components description. So far, I haven't witnessed any false detections.
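An added check, not part of this commit or the project's code: it audits a generated CycloneDX 1.4 JSON SBOM and reports which components carry a license in the asserted `licenses` section (the only place Dependency-Track reads) versus only under `evidence`, which is what happens when licenses are detected but not asserted. The SBOM document below is constructed for illustration.

```python
"""Audit a CycloneDX 1.4 JSON SBOM for asserted vs. evidence-only licenses."""
import json

# Constructed sample SBOM (not generated from a real module graph).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {   # license asserted: lands in the 'licenses' section
            "type": "library", "name": "example.org/lib-a", "version": "v1.2.0",
            "licenses": [{"license": {"id": "MIT"}}],
            "evidence": {"licenses": [{"license": {"id": "MIT"}}]},
        },
        {   # license only detected, not asserted: stays under 'evidence'
            "type": "library", "name": "example.org/lib-b", "version": "v0.9.1",
            "evidence": {"licenses": [{"license": {"id": "Apache-2.0"}}]},
        },
        {   # no license information at all
            "type": "library", "name": "example.org/lib-c", "version": "v2.0.0",
        },
    ],
})


def _license_ids(entries):
    """Flatten a CycloneDX license list into SPDX ids / names / expressions."""
    ids = []
    for entry in entries or []:
        lic = entry.get("license", {})
        ids.append(lic.get("id") or lic.get("name") or entry.get("expression") or "?")
    return ids


def audit_sbom(sbom_json):
    """Classify each component by where its license information lives."""
    doc = json.loads(sbom_json)
    report = {"spec_version": doc.get("specVersion"),
              "asserted": {}, "evidence_only": {}, "no_license": []}
    for comp in doc.get("components", []):
        name = comp.get("name", "?")
        asserted = _license_ids(comp.get("licenses"))
        guessed = _license_ids(comp.get("evidence", {}).get("licenses"))
        if asserted:
            report["asserted"][name] = asserted
        elif guessed:   # Dependency-Track would show this component as unlicensed
            report["evidence_only"][name] = guessed
        else:
            report["no_license"].append(name)
    return report


if __name__ == "__main__":
    print(json.dumps(audit_sbom(SAMPLE_SBOM), indent=2))
```

A non-empty `evidence_only` list after a build means the generator ran without `-assert-licenses` (or the detection could not be promoted) and those components will appear unlicensed in Dependency-Track.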