Hotfix/add missing mocks

[rnorton5432]

I played around with the SBOM generator and found that the Name field on the base image contains the registry and namespace when applicable, so I was able to mock the base image reference correctly off of the SBOM:

❯ docker scout sbom paulnorton311/pnorton-consumer | jq .source.provenance.base_image
{"level":"info","msg":"Provenance obtained from attestation","time":"2024-02-13T15:23:35-05:00"}
{"level":"info","msg":"SBOM obtained from attestation, 136 packages indexed\n","time":"2024-02-13T15:23:35-05:00"}
{"level":"info","msg":"Pulling","time":"2024-02-13T15:23:35-05:00"}
{"level":"info","msg":"Pulled","time":"2024-02-13T15:23:36-05:00"}
{
  "Name": "ghcr.io/pnorton5432/sonarqube-test-repo",
  "Tag": "latest",
  "Digest": "sha256:aa4391dc973bdb16e5d42041f594c1c3cdbe431e5c73e88fcc46d84eb9961c9a",
  "Platform": {
    "architecture": "amd64",
    "os": "linux"
  }
}

I also updated the mockCommonSubscriptionData to 1) include platform, and 2) use the actual image digest from the SBOM instead of always mocking to localDigest (unless SBOM isn't present).

We're now parsing the SBOM twice, and I thought about trying to cache it temporarily between steps, but it became a fairly involved change. I may investigate this later as the async query portion has a similar repeat-decode behaviour with its own metadata.

Rather than mock supported tags for every execution, I'd like to only fetch it when it's actually needed from the actual policy evaluator. I'll put up a PR for that shortly in the base images repo.

Finally, I removed the local_test.go since we're no longer using that mock-by-name mechanism anyway and it was failing under the new SBOM requirement.

[felipecruz91]

Thanks @pnorton5432 for the detailed explanation, very much appreciated. I've pushed this commit to unit test the parseFromReference function.