I need to identify the specific format of the media types. So I created a PR #1663 to add support for the input-format. Let me know what you think about it 👍🏻 .
Description
There is no direct support for specifying an SPDX file in a JSON format via mediaTypes in cosign. In SBOM_SPEC, we said that there are format-specific suffixes supported by cosign, but it seems we missed adding that support.
Once we grab the file via flag --sbom while attaching it, we'll be looking at the format of the file to detect whether it is in XML, JSON, or SPDX format, then we determine its mediaType according to that. For example, if it is an SPDX file we'll be using text/spdx, if it is an SPDX file in the form of JSON, we'll be using text/spdx+json.
WDYT @dlorenc @cpanato @Dentrax?
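
The content-based detection proposed in the issue above, as an added example (not cosign's code and not the code from the PR mentioned on this page). The names detectSBOMMediaType and errUnknownSBOM are hypothetical, the sample input is constructed, and only the two media types named in the issue are mapped; anything else is rejected rather than guessed.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Media types named in the issue text.
const (
	spdxMediaType     = "text/spdx"
	spdxJSONMediaType = "text/spdx+json"
)

var errUnknownSBOM = errors.New("unrecognized SBOM format")

// detectSBOMMediaType (hypothetical helper) sniffs the content, not the file
// name, so a mislabelled file is rejected instead of attached with a wrong type.
func detectSBOMMediaType(data []byte) (string, error) {
	data = bytes.TrimSpace(bytes.TrimPrefix(data, []byte("\xef\xbb\xbf")))
	if len(data) > 0 && data[0] == '{' {
		var doc struct {
			SPDXVersion string `json:"spdxVersion"` // top-level field of SPDX JSON
		}
		if err := json.Unmarshal(data, &doc); err != nil {
			return "", fmt.Errorf("parse JSON SBOM: %w", err)
		}
		if strings.HasPrefix(doc.SPDXVersion, "SPDX-") {
			return spdxJSONMediaType, nil
		}
		return "", errUnknownSBOM
	}
	// SPDX tag-value documents declare "SPDXVersion: SPDX-x.y" on its own line.
	sc := bufio.NewScanner(bytes.NewReader(data))
	for sc.Scan() {
		if strings.HasPrefix(strings.TrimSpace(sc.Text()), "SPDXVersion:") {
			return spdxMediaType, nil
		}
	}
	return "", errUnknownSBOM
}

func main() {
	// Constructed sample input, not a real SBOM.
	fmt.Println(detectSBOMMediaType([]byte("SPDXVersion: SPDX-2.2\nDataLicense: CC0-1.0\n")))
}
```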