@ekovalets
Description

Summary of Changes

This PR adds a new GitHub Actions workflow that will be triggered on package changes.
The trigger will generate a new SBOM.json file and, if it differs from the project one, will create a PR.

Notes for Reviewers

Please review if this is going to work for how you handle project branches.

What is the motivation for this change?

SSDLC Improvement Goals

Double check the following

  • Lint is passing (npm run check:lint)
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

@@ -0,0 +1,27 @@
name: Generate SBOM
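Review bot: only the `name: Generate SBOM` line of the 27-line workflow survives here, so the two things a reviewer most needs to see are not visible: the `permissions:` block and the trigger `paths:` filter. Since the description says the job commits a regenerated SBOM.json and opens a PR, the workflow should declare `permissions:` scoped to `contents: write` and `pull-requests: write` (and nothing broader) rather than inherit the repository default, and the `paths:` filter should include the lockfile (package-lock.json), not just package.json, because resolved dependency versions come from the lockfile. Also worth stating in the PR: a pull request opened with the workflow's default GITHUB_TOKEN does not trigger the repository's other workflows, so the auto-generated PR would arrive without CI results unless a separate token or app is used.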
Contributor

auto-opening a PR after another PR merges is just likely to be forgotten by our team. Could we instead add a PR check that blocks a PR from merging if there is a diff in the generated SBOM (and include tooling so that we can generate the SBOM locally)?

This does require manual generation from us, but this works better for our workflow.

@baileympearson baileympearson changed the title ci(NODE-7025)!: New SBOM generation workflow on dependencies change ci(NODE-7025): New SBOM generation workflow on dependencies change Dec 11, 2025