feat: Implement SBOM backend logic

[steverydz]

Done

• Adds *.snapcraftcontent.com to the CSP as the SBOM AIP calls this, and our current CSP blocks it
• Adds a proxy endpoint for SBOMs as direct requests on the frontend are blocked by CORs
• Passes has_sboms flag to the template so it can be used to conditionally show the "Security" tab when it is implemented

How to QA

• Run locally on staging (Add DEVICEGW_URL=https://api.staging.snapcraft.io/ to .env.local)
• Go to http://localhost:8004/sbom/MNh0l41yJXdRkNH6GNNXaO4nymIzMZPS/8
• Check that returns a JSON SPDX file
• Go to http://localhost:8004/sbom/6L8TKPBCcxI7HkPi59rT0q5pFjgzPl1R/4
• Check that it returns an error

Testing

• This PR has tests
• No testing required (explain why):

Issue / Card

Fixes:

• https://warthogs.atlassian.net/browse/WD-31833
• https://warthogs.atlassian.net/browse/WD-31834
• https://warthogs.atlassian.net/browse/WD-31835
• https://warthogs.atlassian.net/browse/WD-31836
• https://warthogs.atlassian.net/browse/WD-31837
• https://warthogs.atlassian.net/browse/WD-31838

[webteam-app]

Demo

Jenkins

demos.haus

[Copilot]

Pull request overview

This PR implements the backend foundation for a "Security" tab in snap channel map dropdowns by adding SBOM (Software Bill of Materials) support. It introduces a proxy endpoint for fetching SBOMs to bypass CORS restrictions, adds logic to detect SBOM availability, and passes this information to templates for conditional UI rendering.

Key Changes:

• Adds /sbom/<snap_id>/<revision> proxy endpoint to fetch SPDX SBOM files from the device gateway
• Implements snap_has_sboms() check to determine if a snap has SBOM data available
• Adds CSP policy for *.snapcraftcontent.com domain where SBOM API is hosted
• Extends channel maps to include revision information needed for SBOM lookups

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
webapp/store/snap_details_views.py	Adds SBOM proxy endpoint, availability check function, and integration with snap details context. Changes snap-id key to snap_id for Python naming consistency.
webapp/store/logic.py	Adds get_revisions() helper to extract sorted revision list from channel maps. Updates convert_channel_maps() to include revision field in output.
webapp/handlers.py	Adds *.snapcraftcontent.com to CSP connect-src policy to allow SBOM API calls.
tests/store/tests_public_logic.py	Updates test fixtures to include revision field in channel map data for consistency with logic changes.
tests/store/tests_github_badge.py	Updates test fixtures to include revision field in channel map data.
tests/store/tests_embedded_card.py	Updates test fixtures to include revision field in channel map data.
tests/store/tests_distro_page.py	Updates test fixtures to include revision field in channel map data.
tests/store/tests_details.py	Updates test fixtures and mocks SBOM HEAD requests in all snap details test cases to support the new availability check.

[Copilot]

@steverydz I've opened a new pull request, #5509, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

@steverydz I've opened a new pull request, #5510, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

@steverydz I've opened a new pull request, #5511, to work on those changes. Once the pull request is ready, I'll request review from you.

[codeEmpress1]

I found a few print statements in webapp/store/snap_details_views.py, otherwise code LGTM.

[steverydz]

I found a few print statements in webapp/store/snap_details_views.py, otherwise code LGTM.

@codeEmpress1 Fixed. Thanks!