Investigate missing `suppliers` on `phase-1 keycloak`

[idunbarh]

The phase-1 keycloak workflow has 14,530 / 23,683 have supplier names. We need to understand and investigate why this is not more.

SBOM Quality by Interlynk Score:8.5	components:23683	./enriched-keycloak-sbom-cyclonedx/enriched_keycloak-sbom.cdx.json
+-----------------------+--------------------------------+-----------+--------------------------------+
|       CATEGORY        |            FEATURE             |   SCORE   |              DESC              |
+-----------------------+--------------------------------+-----------+--------------------------------+
| NTIA-minimum-elements | comp_with_name                 | 10.0/10.0 | 23683/23683 have names         |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_supplier             | 6.1/10.0  | 14530/23683 have supplier      |
|                       |                                |           | names                          |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_uniq_ids             | 10.0/10.0 | 23683/23683 have unique ID's   |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_version              | 9.9/10.0  | 23513/23683 have versions      |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_authors                   | 10.0/10.0 | doc has 2 authors              |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_creation_timestamp        | 10.0/10.0 | doc has creation timestamp     |
|                       |                                |           | 2024-10-01T05:39:04+00:00      |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_dependencies              | 10.0/10.0 | doc has 63307 relationships    |
+-----------------------+--------------------------------+-----------+--------------------------------+

[tiegz]

this might be unrelated bc it's SPDX instead of Cyclone, but I noticed this in the Keycloak "Augment Keycloak SPDX" step too:

{"level":"info","ts":1727921916.299821,"caller":"edit/spdx_edit.go:68","msg":"SPDX error updating supplier: not supported"}
{"level":"info","ts":1727921916.2998703,"caller":"edit/spdx_edit.go:68","msg":"SPDX error updating repository: not supported"}