
Pre-release pipeline missing SBOM generation and attestation #1162

@WilliamBerryiii

Description


The pre-release pipeline (release-prerelease.yml) does not generate a dependency SBOM or perform SBOM attestation. The stable pipeline has these steps, but the pre-release pipeline was missing them entirely.

Expected Behavior

Pre-release builds should also generate a dependency SBOM using anchore/sbom-action, include file-existence verification guards, and attest both per-VSIX and dependency SBOMs for supply chain integrity.

Impact

Pre-release artifacts lack supply chain attestation, creating an inconsistency with the stable release pipeline and reducing security posture for pre-release consumers.
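The job fragment below is an added example, not the project's own release-prerelease.yml or release pipeline; it shows the three pieces the issue asks for (dependency SBOM generation with anchore/sbom-action, a file-existence guard, and attestation of the SBOM against each VSIX). The build output directory `dist/`, the SBOM path `sbom/dependencies.spdx.json`, and the action version tags are assumptions; pin actions to commit SHAs in a real pipeline.

```yaml
# Added example: SBOM + attestation job for a pre-release workflow.
# Assumed layout: VSIX packages built into dist/, SBOM written to sbom/.
# Action version tags are placeholders; pin to full commit SHAs in practice.
jobs:
  sbom-and-attest:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write        # needed to obtain the Sigstore signing identity
      attestations: write    # needed to store attestations on the repository
    steps:
      - uses: actions/checkout@v4

      # (build steps that produce dist/*.vsix are assumed to run here)

      - name: Generate dependency SBOM
        uses: anchore/sbom-action@v0
        with:
          path: .
          format: spdx-json
          output-file: sbom/dependencies.spdx.json
          upload-artifact: false

      # Guard: fail the job if the SBOM or any VSIX is missing, so the
      # attestation step never runs against an empty or absent input.
      - name: Verify SBOM and VSIX files exist
        shell: bash
        run: |
          set -euo pipefail
          test -s sbom/dependencies.spdx.json \
            || { echo "dependency SBOM missing or empty"; exit 1; }
          shopt -s nullglob
          vsix=(dist/*.vsix)
          [ "${#vsix[@]}" -gt 0 ] \
            || { echo "no VSIX packages found in dist/"; exit 1; }
          echo "attesting ${#vsix[@]} VSIX package(s)"

      # Bind the dependency SBOM to every VSIX produced by this run; each
      # matching file gets its own signed attestation.
      - name: Attest dependency SBOM for each VSIX
        uses: actions/attest-sbom@v1
        with:
          subject-path: dist/*.vsix
          sbom-path: sbom/dependencies.spdx.json
```

Consumers can then verify a pre-release VSIX with `gh attestation verify <file>.vsix --repo <owner>/<repo>`, which is the same check that applies to the stable artifacts, removing the inconsistency the issue describes.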

Labels: enhancement (New feature or request)