[ci] Generate and upload a Software Bill of Materials (#6645)

Context: https://eng.ms/docs/initiatives/executive-order/executive-order-requirements/executiveorderoncybersecurity/softwarebillofmaterials
Context: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/secure-supply-chain/ado-sbom-generator
Context: https://github.com/xamarin/yaml-templates/blob/4cabafec2cec4fc02b44635b196020cd00a60f03/compliance/sbom/job.v1.yml

A "post-build" stage has been added that will run after all "build"
and "prepare release" stages.  This stage consists of one job which
will generate a Software Bill of Materials using shared yaml templates.
Other post processing jobs can be added to this stage in the future if
needed.

Author: pjcollins

build-tools/automation/azure-pipelines.yaml

@@ -1537,6 +1537,21 @@ stages:
         authenticationMethod: 'OAuth Token'
         password: $(System.AccessToken)     # Equivalent to the 'Allow scripts to access OAuth token option': https://stackoverflow.com/questions/52837980/how-to-allow-scripts-to-access-oauth-token-from-yaml-builds
 
+- stage: post_build
+  displayName: Post Build
+  dependsOn:
+  - dotnet_prepare_release
+  - finalize_installers
+  condition: and(eq(variables['MicroBuildSignType'], 'Real'), eq(dependencies.dotnet_prepare_release.result, 'Succeeded'), eq(dependencies.finalize_installers.result, 'Succeeded'))
+  jobs:
+  - template: compliance/sbom/job.v1.yml@yaml
+    parameters:
+      artifactNames: [ nuget-signed, nuget-linux-signed, vs-msi-nugets, vsdrop-signed ]
+      statusContexts: [ JENKINS-SIGN ]
+      packageName: xamarin-android
+      packageFilter: '*.nupkg;*.msi;*.pkg;*.vsix'
+      GitHub.Token: $(GitHub.Token)
+
 - stage: code_analysis
   dependsOn: []
   displayName: Code Analysis