Re-design model and replace projects.yaml with postgres database

[lukpueh]

fixes #5 #6 #29 #39

Disclaimer

This PR tackles two big features:

1. Model redesign
   1. plus consequential and incidental auth and upload flow updates
2. DB integration

It may have been possible to introduce these features in incremental PRs, for more bite-sized reviews. However, that would have made the total diff much larger, and I would have had to do a lot of retroactive git history mangling, which didn't seem worth the hassle. I recommend to review commit by commit:

1. design doc
2. implementation + tests
3. misc janitorial work

And I am happy to walk reviewers through the PR, if needed!

Change overview

• New model classes

  • Workload: Issuer aware CI/CD entity that can upload SBOMs (e.g. eclipse-csi/pia on GitHub)
  • DependencyTrackProject: Hierarchical SBOM upload slot (e.g. Eclipse CSI --> pia)
  • EclipseFoundationProject: A project can have multiple Workloads and DependencyTrackProjects.

• OIDC auth

  • Preliminary issuer check is now less expensive (see #6)
  • New required claim for GitHub workloads: numeric owner id
  • Auth fails, if more than one workloads are matched by claims (previously first match was returned)
  • Result is a single authenticated Github or Jenkins workload

• SBOM upload

  • Get authenticated workload
  • Find DT project, which maps to the same EF project as the Workload, and
  • whose "name" matches the "product_name" from the SBOM upload payload
  • Upload using the DT project's parent_uuid

• DB integration

  • SQLAlchemy ORM for new model
  • On startup: create db engine and a db session factory
  • On request: create db session

• Misc janitorial work

  • Update docker files and ci.yml
  • Remove exemplary projects.yaml

Upcoming related PRs

• DB management CLI
• DB migration with alembic