
Generate SBOM on release #688

Merged: 5 commits into main from glenn/generateSbomInRelease, Mar 7, 2022
Conversation

@glennmusa (Contributor) commented Mar 7, 2022

Description

This change proposes generating SBOM artifacts at release time instead of at merge to /main time so that the SBOM generation does not cause merge confusion for developers when creating pull requests.

You can see the old workflow for generating SBOM artifacts in this draft (and to be abandoned) PR: #659

The new workflow for generating SBOM artifacts is described in these updated docs for generating a release in CONTRIBUTING.md:

missionlz/CONTRIBUTING.md

Lines 174 to 193 in 8ae9770

#### Creating a Release
Releases are generated from an Azure DevOps pipeline the Mission LZ development team manages so that software bill of materials (SBOM) artifacts can be generated.
To generate a release, coordinate with the team to run these steps:
1. Navigate to the [mlz-release/create-release](https://ag-ascii.visualstudio.com/Mission%20Landing%20Zone%20-%20Pipeline/_build?definitionId=218) Azure DevOps pipeline.
1. Click "Run Pipeline"
1. Specify a value for the release tag using the naming convention of "v\<year\>.\<month\>.\<revision\>". For example, `v2021.09.0`. (If this is an interim release, like a bug fix release, use the previous build label and add a revision number, like `v2021.09.1`.)
1. Specify a value for the SBOM package version using the naming convention of "\<year\>.\<month\>.\<revision\>". For example, `2021.09.0`.
1. We recommend you publish as a draft so that you can review the release and its artifacts, but this is overridable by unchecking the "Mark as a Draft Release?" checkbox.
1. Click the "Run" button. The pipeline will run.
1. When it is complete, a new draft release will be found at [https://github.com/Azure/missionlz/releases](https://github.com/Azure/missionlz/releases)
1. Click the pencil icon to edit the release
1. If you need to, update the title, but it should already follow the naming convention: "MLZ - \<build tag\>". For example, "MLZ - v2021.09.0".
1. If you need to, now is the time to update the release tag, but it should already follow the naming convention: "v\<year\>.\<month\>.\<revision\>"
1. The release notes will be auto-populated with its included changes, but add a summary description at the top of the release notes that describes the changes in an easy-to-understand way.
1. Edit the release notes for consistency, e.g., normalizing verb tense and capitalization.
1. You should see four `manifest.*` files that indicate the SBOM was successfully generated.
1. Click the "Save draft" button to generate a draft release, or click "Publish release" if you are ready to publish.

Issue reference

The issue this PR will close: #677

Checklist

Please make sure you've completed the relevant tasks for this PR out of the following list:

  • All acceptance criteria in the backlog item are met
  • The documentation is updated to cover any new or changed features
  • Manual tests have passed
  • Relevant issues are linked to this PR
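The "Creating a Release" steps above leave the verification of the draft (tag and SBOM version naming, matching fields, the four `manifest.*` assets, the title) to the person clicking through the GitHub UI. The following is an added example, not code from this PR or from the missionlz repository, of a small pre-publish gate that encodes those rules so a draft can be checked before "Publish release" is clicked. The asset names in `SAMPLE_ASSETS` are constructed placeholders (the page does not name the four manifest files), and the function names are hypothetical; retrieving the real asset list from the GitHub releases API is left to the caller.

```python
"""Pre-publish checks for a draft release following the Mission LZ naming rules.

Hypothetical helper, not part of the missionlz repository. It encodes the
conventions from the "Creating a Release" steps: release tag
v<year>.<month>.<revision>, SBOM package version <year>.<month>.<revision>,
title "MLZ - <build tag>", and four manifest.* assets attached by the SBOM step.
"""
import re

# Release tag: "v" + year.month.revision, e.g. v2021.09.0
TAG_RE = re.compile(r"^v(\d{4})\.(\d{2})\.(\d+)$")
# SBOM package version: the same fields without the leading "v", e.g. 2021.09.0
SBOM_VERSION_RE = re.compile(r"^(\d{4})\.(\d{2})\.(\d+)$")
# Number of manifest.* files the docs say a successful SBOM run attaches
EXPECTED_MANIFEST_COUNT = 4


def _parse_fields(pattern, value):
    """Return (year, month, revision) as ints, or None if value does not match."""
    m = pattern.match(value)
    if not m:
        return None
    year, month, revision = (int(x) for x in m.groups())
    if not 1 <= month <= 12:  # two-digit month must still be a real month
        return None
    return year, month, revision


def parse_release_tag(tag):
    """Fields of a release tag such as v2021.09.0, or None if it breaks the convention."""
    return _parse_fields(TAG_RE, tag)


def parse_sbom_version(version):
    """Fields of an SBOM package version such as 2021.09.0, or None if it breaks the convention."""
    return _parse_fields(SBOM_VERSION_RE, version)


def next_interim_tag(previous_tag):
    """Interim (bug fix) release: keep the previous year.month label and bump the revision."""
    parsed = parse_release_tag(previous_tag)
    if parsed is None:
        raise ValueError(f"not a release tag: {previous_tag!r}")
    year, month, revision = parsed
    return f"v{year:04d}.{month:02d}.{revision + 1}"


def sbom_manifests(asset_names):
    """Names of attached assets that look like SBOM manifest files (manifest.*)."""
    return sorted(n for n in asset_names if n.startswith("manifest."))


def release_problems(tag, sbom_version, asset_names, title=None):
    """Return a list of problems with the draft; an empty list means it looks ready to publish."""
    problems = []
    tag_fields = parse_release_tag(tag)
    if tag_fields is None:
        problems.append(f"release tag {tag!r} does not match v<year>.<month>.<revision>")
    version_fields = parse_sbom_version(sbom_version)
    if version_fields is None:
        problems.append(f"SBOM version {sbom_version!r} does not match <year>.<month>.<revision>")
    # The tag and the SBOM package version should describe the same build
    if tag_fields and version_fields and tag_fields != version_fields:
        problems.append(f"release tag {tag!r} and SBOM version {sbom_version!r} disagree")
    manifests = sbom_manifests(asset_names)
    if len(manifests) != EXPECTED_MANIFEST_COUNT:
        problems.append(
            f"expected {EXPECTED_MANIFEST_COUNT} manifest.* assets, found {len(manifests)}: {manifests}"
        )
    if title is not None and title != f"MLZ - {tag}":
        problems.append(f"title {title!r} should be 'MLZ - {tag}'")
    return problems


# Constructed sample asset list; the manifest names are placeholders, not the real artifact names
SAMPLE_ASSETS = [
    "manifest.sample-1.json",
    "manifest.sample-2.json",
    "manifest.sample-3.json",
    "manifest.sample-4.json",
    "mlz-release.zip",
]

if __name__ == "__main__":
    # A well-formed draft: no problems reported
    print(release_problems("v2021.09.0", "2021.09.0", SAMPLE_ASSETS, title="MLZ - v2021.09.0"))
    # Missing "v", single-digit month and only two manifests: three problems reported
    print(release_problems("2021.09.0", "2021.9.0", SAMPLE_ASSETS[:2]))
    print(next_interim_tag("v2021.09.0"))
```

Run the module directly to see the two sample verdicts, or call `release_problems` with the asset names fetched from the draft release; a non-empty list is the signal to stop and fix the draft rather than publish.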

@glennmusa glennmusa requested a review from a team as a code owner March 7, 2022 14:06
@lisamurphy-msft (Contributor) commented:

LGTM! 🌟

@lisamurphy-msft lisamurphy-msft merged commit e52338d into main Mar 7, 2022
@lisamurphy-msft lisamurphy-msft deleted the glenn/generateSbomInRelease branch March 7, 2022 14:11
Successfully merging this pull request may close these issues:

Generate releases in an ADO pipeline and move SBOM generation to the release pipeline (#677)