Open
Description
In expectation of the EU CRA, we should start to include a SBOM (probably in CycloneDX format) in the POCO release packages. Given that there aren't too many external dependencies, the first version of the SBOM could be manually created. However, potential ways to automatically generate the SBOM should also be investigated (unfortunately the GitHub Insights dependency graph is useless for this purpose).