Create GitHub workflows to test ScanCode.io <=> ORT integration #1884

@tsteenbe

Description

ScanCode.io supports an SBOM as input via its built-in Load SBOM pipeline. ORT supports generating SBOMs via its reporter tools. A logical integration for using ORT results in ScanCode.io would be to generate various CycloneDX v1.5/v1.6 and SPDX v2.2/v2.3 SBOMs with ORT and then "load" these into ScanCode.io.

Tasks
  • Copy the ORT reporter test assets related to SBOM generation into the ScanCode.io code base and write a GitHub Actions workflow within the ScanCode.io code repository that, on a weekly basis, tests importing the generated SBOMs into the latest version of ScanCode.io, asserting (fails/succeeds) on the number of packages, licenses and vulnerabilities ScanCode.io found versus the known numbers output by ORT. Related SBOM test assets in ORT: CycloneDX reporter | SPDX reporter
  • Create a GitHub Actions workflow within the ScanCode.io code repository that uses the GitHub Action for ORT to convert the ORTHW-shell example ORT scan-result JSON file for mime-types 2.1.26 into CycloneDX v1.5, v1.6 and SPDX v2.2, v2.3 SBOMs, then imports them into the latest version of ScanCode.io, asserting (fails/succeeds) on the number of packages, licenses and vulnerabilities ScanCode.io found versus the known numbers output by ORT.
  • Create a GitHub Actions workflow that, on a weekly basis, imports ORT's synthetic tests for various package managers, then uses the GitHub Action for ORT to generate CycloneDX v1.5, v1.6 and SPDX v2.2, v2.3 SBOMs, imports the generated SBOMs into the latest version of ScanCode.io and then asserts (fails/succeeds) on the number of packages, licenses and vulnerabilities found by ScanCode.io versus the known numbers output by ORT.
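All three tasks end in the same step: count packages, licenses and vulnerabilities in the ORT-generated SBOM and compare them with what ScanCode.io's Load SBOM pipeline produced. The script below is an example added here, not ScanCode.io or ORT code, of what a workflow could run after the pipeline finishes. The CycloneDX and SPDX field names follow the published 1.5/1.6 and 2.2/2.3 JSON schemas; the shape assumed for the ScanCode.io results JSON (a top-level `packages` list whose items carry `declared_license_expression` and `affected_by_vulnerabilities`) is an assumption to verify against the ScanCode.io version under test. The three sample documents and the `EXAMPLE-0001` advisory are constructed for the example, and `Counts`, `counts_from_*` and `compare_counts` are names chosen here.

```python
import json
import sys
from dataclasses import dataclass

# Example added to the issue, not ScanCode.io or ORT code. SBOM field names
# follow the CycloneDX 1.5/1.6 and SPDX 2.2/2.3 JSON schemas; the ScanCode.io
# results shape (packages[].declared_license_expression and
# packages[].affected_by_vulnerabilities) is an assumption to check.


@dataclass(frozen=True)
class Counts:
    packages: int
    licenses: int
    vulnerabilities: int


def _norm(expr):
    # Compare license expressions case-insensitively: ScanCode.io stores
    # lowercase license keys, so "MIT" from the SBOM and "mit" must match.
    return expr.strip().lower() if expr else None


def counts_from_cyclonedx(doc):
    components = doc.get("components", [])
    licenses = set()
    for comp in components:
        for entry in comp.get("licenses", []):
            if "expression" in entry:  # SPDX expression form
                licenses.add(_norm(entry["expression"]))
            else:  # single license object with "id" or "name"
                lic = entry.get("license", {})
                licenses.add(_norm(lic.get("id") or lic.get("name")))
    licenses.discard(None)
    # CycloneDX (1.4 and later) carries vulnerabilities as a top-level array.
    vulns = {v.get("id") for v in doc.get("vulnerabilities", [])}
    return Counts(len(components), len(licenses), len(vulns))


def counts_from_spdx(doc):
    packages = doc.get("packages", [])
    licenses, vulns = set(), set()
    for pkg in packages:
        for key in ("licenseConcluded", "licenseDeclared"):
            value = pkg.get(key)
            if value and value not in ("NOASSERTION", "NONE"):
                licenses.add(_norm(value))
        # SPDX 2.x has no vulnerability section; advisories are expressed as
        # SECURITY external references of type "advisory" on the package.
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceCategory") == "SECURITY" and ref.get("referenceType") == "advisory":
                vulns.add(ref.get("referenceLocator"))
    return Counts(len(packages), len(licenses), len(vulns))


def counts_from_scancodeio(results):
    packages = results.get("packages", [])
    licenses = {_norm(p.get("declared_license_expression")) for p in packages}
    licenses.discard(None)
    vulns = set()
    for p in packages:
        for v in p.get("affected_by_vulnerabilities") or []:
            vulns.add(v.get("vulnerability_id"))
    return Counts(len(packages), len(licenses), len(vulns))


def compare_counts(expected, found):
    """Return one line per mismatching counter; an empty list means the import matched."""
    mismatches = []
    for name in ("packages", "licenses", "vulnerabilities"):
        e, f = getattr(expected, name), getattr(found, name)
        if e != f:
            mismatches.append(f"{name}: SBOM has {e}, ScanCode.io found {f}")
    return mismatches


# Constructed sample documents (not real ORT or ScanCode.io output), trimmed
# to the fields the counters read. "EXAMPLE-0001" is a placeholder advisory.
CYCLONEDX_SAMPLE = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "mime-types", "version": "2.1.26",
         "purl": "pkg:npm/mime-types@2.1.26", "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "example-dep", "version": "1.0.0",
         "purl": "pkg:npm/example-dep@1.0.0", "licenses": [{"expression": "MIT OR Apache-2.0"}]},
    ],
    "vulnerabilities": [{"id": "EXAMPLE-0001", "affects": [{"ref": "pkg:npm/example-dep@1.0.0"}]}],
}
SPDX_SAMPLE = {
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"SPDXID": "SPDXRef-Package-mime-types", "name": "mime-types", "versionInfo": "2.1.26",
         "licenseConcluded": "MIT", "licenseDeclared": "MIT", "externalRefs": []},
        {"SPDXID": "SPDXRef-Package-example-dep", "name": "example-dep", "versionInfo": "1.0.0",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "MIT OR Apache-2.0",
         "externalRefs": [{"referenceCategory": "SECURITY", "referenceType": "advisory",
                           "referenceLocator": "https://example.invalid/advisory/EXAMPLE-0001"}]},
    ],
}
SCANCODEIO_RESULTS_SAMPLE = {  # assumed shape of the ScanCode.io JSON results
    "packages": [
        {"purl": "pkg:npm/mime-types@2.1.26", "declared_license_expression": "mit",
         "affected_by_vulnerabilities": []},
        {"purl": "pkg:npm/example-dep@1.0.0", "declared_license_expression": "mit OR apache-2.0",
         "affected_by_vulnerabilities": [{"vulnerability_id": "EXAMPLE-0001"}]},
    ],
}


def main(paths=None):
    """With no paths, check the constructed samples; otherwise expects
    <sbom.json> <scancodeio-results.json> and returns a CI exit status."""
    if paths:
        with open(paths[0]) as fh:
            sbom = json.load(fh)
        with open(paths[1]) as fh:
            results = json.load(fh)
        expected = counts_from_cyclonedx(sbom) if sbom.get("bomFormat") == "CycloneDX" else counts_from_spdx(sbom)
        cases = [("SBOM", expected)]
    else:
        results = SCANCODEIO_RESULTS_SAMPLE
        cases = [("CycloneDX 1.5", counts_from_cyclonedx(CYCLONEDX_SAMPLE)),
                 ("SPDX 2.3", counts_from_spdx(SPDX_SAMPLE))]
    status = 0
    for label, expected in cases:
        mismatches = compare_counts(expected, counts_from_scancodeio(results))
        print(label, "OK" if not mismatches else "; ".join(mismatches))
        status = status or (1 if mismatches else 0)
    return status


if __name__ == "__main__":
    raise SystemExit(main(sys.argv[1:]))
```

The counters deliberately compare distinct license expressions rather than raw strings, because ScanCode.io rewrites SPDX identifiers into its own lowercase keys; a count match therefore does not prove that every expression survived the import unchanged, only that none were dropped or merged, which is the check the tasks above ask for. A non-zero exit status from `main` is what makes the weekly workflow fail.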

Metadata

Assignees

No one assigned

    Labels

    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests