test: add end-to-end integration tests for SBOM generation

[Jaydeep869]

Description

While unit tests exist for individual components, we previously lacked comprehensive integration tests that verify the entire pipeline (parsing → extraction → resolution → generation). This PR introduces extensive end-to-end table driven integration tests for the whole SBOM workflow.

Fix #14.

Changes Made

• Added test/integration_test.go: Implemented table driven end-to-end testing covering the lifecycle from parsing the initial witness attestation file to writing the serialized output out securely.
• Added Output Format Validation:
  • Handles checks for SPDX 2.3, CycloneDX 1.5, and CycloneDX 1.4.
  • Elegantly ignores SPDX 2.2 gracefully as protobom v0.4.2 has a known unsupported serialization error for text serialization.
• Added Filter Validation: Ensures components are extracted correctly across type bounds given by the --types command flag (material, command-run, product, network-trace, plus absent filters).
• Added Malformed Payload Coverage: Ensured corrupted internal representations gracefully evaluate standard go 'errors' instead of panicking.

Testing Instructions

Tested locally using the sample attestation payloads. You can run all integrations simultaneously:

go test ./test/integration_test.go -v

Checklist:

• I have DCO signed off my commits successfully
• My code follows the style guidelines of this project
• I have performed a self review of my own code
• I have commented my code, particularly in hard to understand areas
• New and existing unit tests pass locally with my changes