Add support for downloading OSS Scan results as SPDX files [FoD]

[kadraman]

Enhancement Request

With the release of OpenText Core Application Security 26.1 we now have support for exporting OSS scan results in CycloneDX or SPDX format - SPDX is new.

This is available with the API endpoint GET /api/v3/open-source-scans/{scanId}/sbom.

We should update the fcli fod oss-scan download command to be able to specify this format, e.g.:

fcli fod oss-scan download 12345 --format SPDX -f test.com

If no --format option is specified we default to (current) CycloneDX format.