fix: add config option to exclude language packages with file ownership overlap

[kimjune01]

Closes #4760.

Cause

When OS packages (deb, apk, rpm) install language packages (Python, Ruby, npm, etc.) via system package managers, syft catalogs both the OS package and the language package. The file ownership overlap relationship exists between them, but there was no mechanism to deduplicate.

The existing exclude-binary-overlap-by-ownership option handles binary packages, but an equivalent for language packages was missing.

Fix

Adds exclude-language-overlap-by-ownership config option that removes language packages when they have a file ownership overlap relationship with an OS package. This mirrors the existing binary exclusion logic. The option defaults to false to avoid changing existing behavior.

The implementation follows the same pattern as ExcludeBinaryPackagesByFileOwnershipOverlap: iterate relationships, identify OS-parent/language-child pairs, and delete the child package.

Tests

Unit tests cover:

• OS → language package overlap (deb→python, apk→npm, rpm→ruby) — child removed
• Binary → language package overlap — both kept
• OS → OS overlap — both kept
• Language → language overlap — both kept

Signed-off-by: June Kim kimjune01@gmail.com

[kimjune01]

Pushed two test-only follow-ups (b4844d0, 64376c2): the original tests built pkg.Package literals without SetID(), so c.Package(r.From.ID()) returned nil and the assertion compared "" == "" — the suite passed without exercising the code under test. Added SetID() on the test packages and an assert.NotEqual(t, "", result) guard so the no-op can't recur. Verified by injecting a panic in the function body: pre-fix tests pass (proof of no-op), post-fix tests fail with the panic (proof of exercise).