fix(ci): test omit-optional flag to exclude LGPL optional deps from SBOM

Point generate-sbom at the skz/ignore-optional branch of gh-actions which
adds --omit optional to cdxgen. This should exclude @img/sharp-libvips-*
(LGPL-3.0, optional deps of sharp via Next.js) from the SBOM.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: joker23

.github/workflows/dependency-scan.yml

@@ -43,6 +43,7 @@ jobs:
         uses: launchdarkly/gh-actions/actions/dependency-scan/generate-sbom@0a54234f88a428df4163234dbb23ddb7fee8b8ec # main
         with:
           types: 'nodejs'
+          omit-optional: 'true'
 
   evaluate-policy:
     runs-on: ubuntu-latest