Improve SBOM version resolution

[fg-j]

Currently, the way that packit determines which SBOM versions to generate is quite rudimentary. There is a hard-coded mapping of versions to their corresponding formats. This implementation notably lacks:

• SemVer version parsing: the mapping looks for exact version matches only
• support for the latest SBOM schema versions that Syft supports: we pin to specific (and sometimes outdated) schema versions
  • pinning by default is still advantageous, since changing SBOM schema between builds could be a breaking change for users, but it'd be nice to allow users to "get the latest"

We should investigate whether it's possible to learn the schema versions that a given version of Syft supports before SBOMs are generated. This could allow us to match user-requested versions with versions available directly from Syft. For instance, if a user requests a Syft SBOM version 4.* and the latest version of Syft generates version 4.1.0, we could use the upstream SBOM format rather than one of our own implementations.