Add SBOM to the official build pipeline

[MiYanni]

Detailed information here: dotnet/project-system#7955

This adds software bill of materials (SBOM) to the official build pipeline. This is required for Microsoft products and the information is required to be in our .vsman file for Visual Studio insertion. I reused the same .ps1 script I made for the project-system repo to do the update process for the json manifest.

Successful build: https://devdiv.visualstudio.com/DevDiv/_build/results?buildId=5948260&view=results

From the manifest json:

"payloads": [
    {
        "fileName": "Microsoft.NuGet.Build.Tasks.Setup.vsix",
        "size": ------
    },
    {
        "fileName": "Microsoft.NuGet.Build.Tasks.Setup_sbom.json",
        "size": ------
    }
],

From the vsman file:

[drewnoakes]

Looks good to me.

An obvious question is around the copy/paste of the .ps1 file. Could this be shared in some better way? Did you consider using a custom MSBuild task? Or maybe just a comment in the files to explain the duplication so that a change made to one is more likely to be made in another. Your call though.

[MiYanni]

@drewnoakes The script is more of a 'hack' than it is a proper solution. Both our (project-system) infrastructure (using RepoToolset) and this one (using Arcade) have the same basic principles for creating our vsix and vsman file(s). What I'll do is add an issue in the project-system repo for the build infrastructure simplification to see if we can use the same infra in any of our repos (project-system, project-system-tools, NuGet.BuildTasks, ProjFileTools). I'm not trying to make Arcade 2 here, but we should be able to share the processes across our repos, even thought they all aren't inserting into VS.