
(Scanner) new API to read/walk an SBOM

Open fraxken opened this issue 7 months ago • 1 comment

Sometimes we have an SBOM (JSON file) as input manifest. Packages such as @cyclonedx/cdxgen can produce that file for a given local project (package.json).

My idea is to implement a new API that could take the JSON and walk it.

fraxken avatar Jul 19 '25 04:07 fraxken

Note: probably not easy at all, because we have to draw relationships between the SBOM components.

Or a brand new walker that would just take the flat list of dependencies, without any need to iterate over sub-dependencies and walk across the tree (since the SBOM exposes the tree as a flat list of components, from my current understanding).

fraxken avatar Jul 19 '25 05:07 fraxken
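To illustrate the layout fraxken describes, here is an added example of walking a CycloneDX JSON SBOM. This is example code written for this page, not NodeSecure scanner code and not the proposed API; the SBOM document is constructed inline and the function names (`indexComponents`, `indexDependencies`, `walkSbom`) are my own. CycloneDX lists every component exactly once in the flat `components` array and records the tree separately in `dependencies` as `{ ref, dependsOn[] }` edges keyed on `bom-ref`, so the "flat walker" is just an iteration over `components`, while the tree walk is a join of the two arrays on `bom-ref`. The walk also surfaces two things a consumer should check before trusting the document: `dependsOn` references to components that are never declared, and declared components that nothing reaches from the root.

```javascript
// Added example (not part of NodeSecure or @cyclonedx/cdxgen): walking a
// CycloneDX 1.5 JSON SBOM. The document below is constructed for this
// example; it deliberately contains a cycle (a -> c -> a), a dependsOn edge
// to an undeclared component, and a declared component nothing depends on.
const CONSTRUCTED_SBOM = {
  bomFormat: "CycloneDX",
  specVersion: "1.5",
  metadata: {
    component: { type: "application", "bom-ref": "pkg:npm/my-app@1.0.0", name: "my-app", version: "1.0.0" }
  },
  components: [
    { type: "library", "bom-ref": "pkg:npm/a@1.0.0", name: "a", version: "1.0.0", purl: "pkg:npm/a@1.0.0" },
    { type: "library", "bom-ref": "pkg:npm/b@2.0.0", name: "b", version: "2.0.0", purl: "pkg:npm/b@2.0.0" },
    { type: "library", "bom-ref": "pkg:npm/c@3.1.0", name: "c", version: "3.1.0", purl: "pkg:npm/c@3.1.0" },
    { type: "library", "bom-ref": "pkg:npm/orphan@0.0.1", name: "orphan", version: "0.0.1", purl: "pkg:npm/orphan@0.0.1" }
  ],
  dependencies: [
    { ref: "pkg:npm/my-app@1.0.0", dependsOn: ["pkg:npm/a@1.0.0", "pkg:npm/b@2.0.0"] },
    { ref: "pkg:npm/a@1.0.0", dependsOn: ["pkg:npm/c@3.1.0"] },
    { ref: "pkg:npm/b@2.0.0", dependsOn: ["pkg:npm/c@3.1.0", "pkg:npm/missing@9.9.9"] },
    { ref: "pkg:npm/c@3.1.0", dependsOn: ["pkg:npm/a@1.0.0"] }
  ]
};

// The flat view: every component (plus the root in metadata) keyed by bom-ref.
// A missing or duplicated bom-ref makes the dependency edges ambiguous, so
// reject the document rather than silently picking one.
function indexComponents(sbom) {
  const byRef = new Map();
  const all = [...(sbom.components ?? [])];
  if (sbom.metadata?.component) all.push(sbom.metadata.component);
  for (const component of all) {
    const ref = component["bom-ref"];
    if (typeof ref !== "string" || ref.length === 0) {
      throw new Error(`component ${component.name ?? "?"} has no bom-ref`);
    }
    if (byRef.has(ref)) throw new Error(`duplicate bom-ref: ${ref}`);
    byRef.set(ref, component);
  }
  return byRef;
}

// The edge view: ref -> list of refs it depends on. Several entries for the
// same ref are merged rather than overwritten.
function indexDependencies(sbom) {
  const edges = new Map();
  for (const { ref, dependsOn = [] } of sbom.dependencies ?? []) {
    edges.set(ref, [...(edges.get(ref) ?? []), ...dependsOn]);
  }
  return edges;
}

// Depth-first walk from metadata.component, joining the two views on bom-ref.
// `visit(component, { parent, depth })` is called once per reachable component.
// Returns the refs visited, refs that were depended on but never declared, and
// declared components that the root never reaches.
function walkSbom(sbom, visit = () => {}) {
  const byRef = indexComponents(sbom);
  const edges = indexDependencies(sbom);
  const rootRef = sbom.metadata?.component?.["bom-ref"];
  if (!rootRef) throw new Error("SBOM has no metadata.component to start from");

  const visited = new Set();
  const missing = new Set();
  const stack = [{ ref: rootRef, parent: null, depth: 0 }];
  while (stack.length > 0) {
    const { ref, parent, depth } = stack.pop();
    if (visited.has(ref)) continue; // cycles are legal in npm graphs; visit once
    const component = byRef.get(ref);
    if (!component) { missing.add(ref); continue; } // edge to an undeclared component
    visited.add(ref);
    visit(component, { parent, depth });
    for (const child of edges.get(ref) ?? []) {
      stack.push({ ref: child, parent: ref, depth: depth + 1 });
    }
  }
  const unreachable = [...byRef.keys()].filter((ref) => !visited.has(ref));
  return { visited: [...visited], missing: [...missing], unreachable };
}

const report = walkSbom(CONSTRUCTED_SBOM, (component, { depth }) => {
  console.log(`${"  ".repeat(depth)}${component.name}@${component.version}`);
});
console.log("undeclared refs:", report.missing);
console.log("unreachable components:", report.unreachable);
```

On the constructed document the walk reaches `my-app`, `a`, `b` and `c` once each despite the `a -> c -> a` cycle, reports `pkg:npm/missing@9.9.9` as depended on but undeclared, and reports `pkg:npm/orphan@0.0.1` as declared but unreachable. A real `dependencies` array that is absent or partial (allowed by the spec) collapses the tree to just the root, which is why a scanner consuming an SBOM should treat an empty or incomplete edge list as "relationships unknown" rather than "no dependencies".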