OpenShift Runtimes / RUN-2041

Teach build to combine --manifest with --sbom using artifacts


    • Story
    • Resolution: Unresolved
    • Normal
    • buildah
    • sst_container_tools

      • We taught build to create a manifest list and add a built image to it with the --manifest flag.
      • We taught build to run scanners against image contents to produce SBOM files and embed them in output images and save them to local disk with the --sbom flag in RUN-1838.
      • We taught build to add files to manifest lists with a --artifact flag in RUN-2006.

      By their powers combined, we should be able to tell build to scan an image that we're building into a manifest list and add the resulting SBOM file to that list as an artifact, probably using "sbom-manifest" and "sbom-purl-manifest" boolean flags that are accepted as alternatives or supplements to "sbom-output"/"sbom-purl-output" or "sbom-image-output"/"sbom-purl-image-output".

            container-runtime-eng Container Runtime Eng Bot
            rhn-engineering-nalin Nalin Dahyabhai