Move pip SBOM discovery to release-tools repository

[sethmlarson]

pip is a special case for the CPython repository in that it is a part of a packaging ecosystem and thus has fetchable metadata so doesn't require manual intervention whenever a new version is bundled into the CPython source code.

To reduce maintainer churn and reduce issues facing downstream distributors of Python, I propose moving the logic for pip SBOM metadata discovery to the release process instead.