Configure SBOM for Build pipeline

[donnie-msft]

Bug

Fixes:

Description

In order to migrate to 1ES PT Release templates, our build must create artifacts with an SBOM to be compliant.

1. Enable SBOM for official builds and explicitly set the sbomBuildDropPath.
2. Stop using a special directory (/sbom) as the release templates do not support looking for these in subdirectories of the artifacts.
   This prevents errors like this:
   "Could not find a part of the path 'D:\a_work\1\nupkgs - RTM_manifest\spdx_2.2\manifest.spdx.json'."
3. Disabled SBOM on tasks that generate artifacts that we do not release.
4. PR Builds have SBOM generation enabled to validate any issues generating SBOMs prior to starting official builds. (Feedback from @zivkan )

Servicing branches

My plan is to make the same change on all servicing branches after merged to dev.

Validation

Tested in our new release pipeline. Eg, see 6.14.0.85-2 as a recent example of the VS Insertion successfully finding these SBOM artifacts.

Tested our existing release pipeline to ensure it still completes with changes from this PR. It created this PR (which I abandoned): https://devdiv.visualstudio.com/DevDiv/_git/VS/pullrequest/621001.

PR Checklist

• Meaningful title, helpful description and a linked NuGet/Home issue
• Added tests
• Link to an issue or pull request to update docs if this PR changes settings, environment variables, new feature, etc. https://github.com/NuGet/Client.Engineering/issues/3206