Add Cryptographic Bill of Materials (CBOM) Support

[hwupathum]

What problem are we solving?

We do not have a single, reliable view of the cryptography used by the server. TLS versions, cipher suites, JWT algorithms, and key types are scattered across code and configuration. This makes audits, compliance checks, and post-quantum planning difficult. Changes to crypto settings can happen without visibility.

Who are we solving this for?

• Security and platform teams
• Developers working on TLS and token signing
• Architecture and research teams planning crypto agility and PQ migration
• Enterprise customers that require cryptographic transparency

Why should we solve this now?

• Customers increasingly request cryptographic visibility.
• Post-quantum transition requires a clear baseline.
• Crypto drift becomes harder to control as the codebase grows.

Proposed Solution

Needs to be analyzed further

Alternatives

Rely only on SBOM tooling

[ThaminduDilshan]

@hwupathum shall we create a idea/ design type discussion for this?