[api] add ability to export results as CycloneDX attestations

[northdpole]

Issue

What is the issue?

CycloneDX supports attestations. This is their way to do standards and they have native CRE support in their attestations.

Time for us to also support CycloneDX

Find a way to make OpenCRE dump attestation documents https://cyclonedx-python-library.readthedocs.io/en/latest/autoapi/cyclonedx/model/index.html#cyclonedx.model.ExternalReferenceType.ATTESTATION

https://github.com/CycloneDX/guides/blob/main/Attestations/en/0x30-Making-Attestations.md