Add command that produces an SBOM for an existing image

[luhring]

Today apko has an approach to producing SBOMs for images it builds: it aggregates the SBOM information from the list of APK packages used in the image into a single image SBOM.

But it doesn't let the user just produce the SBOM for an image (using that same approach).

This would be useful in debugging issues with existing images and their SBOMs, such as to verify that an image's existing SBOM has been produced and/or updated correctly.