Improve integration with nixpkgs metadata

[henrirosten]

This change improves the way sbomnix reads nixpkgs metadata:

• Adds command-line tool and python library nixmeta, which allows summarizing nixpkgs meta-attributes from the given nixpkgs version.
• Start using local nix metadata cache generated with nixmeta based on the given sbomnix target. Additionally, if available, pre-populate the meta cache from an online database, maintained and daily-updated on github.

Made possible by the above changes, this PR removes the sbomnix command-line argument --meta: meta-information is now automatically added for all sbomnix SBOMs.

Also worth noting is that this PR changes sbomnix, nixgraph, vulnxscan, and nix_outdated so each tool allows specifying the target as Nix flake reference in addition to the earlier nix store path (which is still also supported).

Other smaller changes:

• Start using https://github.com/thombashi/df-diskcache to implement local dataframe cache
• Start using the new meta info in release-asset generation
• Adds pylint and csvkit to nix devshell

Once this PR is merged, we can close the issue: #62.

[tervis-unikie]

Admittedly a quick glance, but nothing poked my eye.

[henrirosten]

Had to push another version due to missing sbomnix dependency: https://github.com/tiiuae/sbomnix/compare/692be07416a8070f108baf862046bf2f6b71e6b1..e210ed8c881f76a5900a8c9dc26e8a05885f177d

This went unnoticed before, because the dependecy was in devshell, but not in sbomnix package.

[henrirosten]

Added more logging in: https://github.com/tiiuae/sbomnix/compare/e210ed8c881f76a5900a8c9dc26e8a05885f177d..b137ee1c9bc64ac0e72cd6d4458740cec32a9a56 as I noticed in testing on larger targets (such as Ghaf), that the tools were suspiciously silent while evaluating and force-realising the target, which can take some time on larger build targets and might raise some concerns for the command-line user.

After adding those traces, the tools output some more info as to what is taking time.