
Conversation

@iliescuioana

This PR aims to bootstrap the EF Security Team initiative of supporting projects in implementing automated SBOM generation and upload workflows, with the goal of enhancing software supply chain security.

We wanted this to seamlessly integrate with your existing release processes, so we implemented one workflow meant to generate an SBOM for the paho.mqtt.java product.

Currently the workflow is triggered by new releases being published. A Maven CycloneDX plugin (cyclonedx-maven-plugin) is used to generate the SBOM, which is then uploaded as an artifact. The "store-sbom-data" reusable workflow stores additional metadata about the project and, upon completion, the self-service system downloads the SBOM from artifacts and uploads it to our DependencyTrack instance.

We have tested the SBOM generation separately and everything worked successfully. However, due to limited permissions and inability to simulate the trigger event, if the changes get merged, we'd ask if you could manually run it once so we can confirm the upload to our instance works as expected (for the version input feel free to use the existing latest tag).

Otherwise, feel free to update the workflow as needed; edits by maintainers are enabled. Please let us know if you have any questions we can help with.

  • This change is against the develop branch, not master.
  • You have signed the Eclipse ECA.
  • All of your commits have been signed off with the correct email address (the same one that you used to sign the CLA). Hint: use the -s argument when committing.
  • If this PR fixes an issue, reference the issue below; or, if this is a new issue that you are fixing straight away, add a description of the bug and how this will fix it.
  • If this is new functionality, you have added the appropriate unit tests.
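For readers who want to see how the pieces described above fit together, here is an illustrative GitHub Actions workflow added to this page; it is not the workflow file this PR contributes. It is triggered on release publication (plus a manual dispatch with a version input, as mentioned in the description), generates the SBOM with cyclonedx-maven-plugin, uploads it as an artifact, and then calls the store-sbom-data reusable workflow. The Java version, the plugin goal used, and the reusable workflow's path and input names are assumptions (the path is a placeholder).

```yaml
name: Generate SBOM (illustrative example, not the PR's actual workflow)

on:
  release:
    types: [published]          # run when a new release is published
  workflow_dispatch:
    inputs:
      version:
        description: "Existing release tag to generate the SBOM for"
        required: true

permissions:
  contents: read                # least privilege: the job only reads the tree

jobs:
  generate-sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Build the SBOM from the released tag, not from the branch HEAD,
          # so the inventory matches what was actually shipped.
          ref: ${{ github.event.release.tag_name || inputs.version }}

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'    # assumption: adjust to the project's build JDK

      - name: Generate CycloneDX SBOM with cyclonedx-maven-plugin
        # makeAggregateBom covers every module of a multi-module build;
        # the plugin writes target/bom.json and target/bom.xml by default.
        run: mvn -B -DskipTests org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom

      - name: Upload SBOM as a workflow artifact
        uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: target/bom.json

  store-sbom-data:
    needs: generate-sbom
    # Placeholder: the real reusable workflow lives in the security team's repo.
    uses: ORG-PLACEHOLDER/REPO-PLACEHOLDER/.github/workflows/store-sbom-data.yml@main
    with:                       # input names are assumptions
      projectName: paho.mqtt.java
      projectVersion: ${{ github.event.release.tag_name || inputs.version }}
```

A manual run with an existing tag, as the description suggests, exercises the same path as a real release and lets the artifact upload and downstream ingestion be confirmed before the next release.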
