Fix SSLDC markdowns indentation (#4106)

# Summary

The markdown files generated in an SSDLC report had incorrect
indentation. Because of an extra `\t` the links to the SBOMs did not
work.

## Proof of Work

Before

![image](https://github.com/user-attachments/assets/cda913af-aa5f-40ff-a162-08c922d10506)

After

![image](https://github.com/user-attachments/assets/efc492ab-b66e-4b64-aa77-3820ceff8ef7)

## Checklist
- [ ] Have you linked a jira ticket and/or is the ticket in the title?
- [ ] Have you checked whether your jira ticket required DOCSP changes?
- [ ] Have you checked for release_note changes?

## Reminder (Please remove this when merging)
- Please try to Approve or Reject Changes the PR, keep PRs in review as
short as possible
- Our Short Guide for PRs:
[Link](REDACTED)
- Remember the following Communication Standards - use comment prefixes
for clarity:
  * **blocking**: Must be addressed before approval.
  * **follow-up**: Can be addressed in a later PR or ticket.
  * **q**: Clarifying question.
  * **nit**: Non-blocking suggestions.
  * **note**: Side-note, non-actionable. Example: Praise
  * --> no prefix is considered a question

Author: lucian-tosa

generate_ssdlc_report.py

@@ -204,11 +204,9 @@ def prepare_sbom_markdown(supported_images: Dict[str, SupportedImage], subreport
     for supported_image_key in supported_images:
         supported_image = supported_images[supported_image_key]
         if supported_image.subreport == subreport:
-            lines = f"{lines}\n\t\t- {supported_image.ssdlc_report_name}:"
+            lines = f"{lines}\n\t- {supported_image.ssdlc_report_name}:"
             for sbom_location in supported_image.sbom_file_names:
-                lines = (
-                    f"{lines}\n\t\t\t- [{sbom_location}](./{supported_image.subreport.sbom_subpath}/{sbom_location})"
-                )
+                lines = f"{lines}\n\t\t- [{sbom_location}](./{supported_image.subreport.sbom_subpath}/{sbom_location})"
     return lines
 
 

scripts/ssdlc/templates/SSDLC Containerized MongoDB Agent ${VERSION}.md

@@ -42,4 +42,4 @@ Assumptions and attestations:
 
 2. The Dependency document does not specify third party OSS CVEs fixed by the release and the date we discovered them.
 
-3. There is no CycloneDX field for original/modified CVSS score or discovery date. The `x-` prefix indicates this.
+3. There is no CycloneDX field for original/modified CVSS score or discovery date. The `x-` prefix indicates this.

scripts/ssdlc/templates/SSDLC Containerized MongoDB Enterprise Kubernetes Operator ${VERSION}.md

@@ -42,4 +42,4 @@ Assumptions and attestations:
 
 2. The Dependency document does not specify third party OSS CVEs fixed by the release and the date we discovered them.
 
-3. There is no CycloneDX field for original/modified CVSS score or discovery date. The `x-` prefix indicates this.
+3. There is no CycloneDX field for original/modified CVSS score or discovery date. The `x-` prefix indicates this.

scripts/ssdlc/templates/SSDLC Containerized MongoDB Enterprise OpsManager ${VERSION}.md

@@ -8,38 +8,38 @@ Overview:
 
 - **Product and Release Name**
 
-    - MongoDB Enterprise Operator ${VERSION}, ${DATE}.
-    - Release Type: ${RELEASE_TYPE}
+  - MongoDB Enterprise Operator ${VERSION}, ${DATE}.
+  - Release Type: ${RELEASE_TYPE}
 
 - **Process Document**
-    - http://go/how-we-develop-software-doc
+  - http://go/how-we-develop-software-doc
 
 - **Tool used to track third party vulnerabilities**
-    - Snyk
+  - Snyk
 
 - **Dependency Information**
-    - See SBOMS Lite manifests (CycloneDX in JSON format for the SBOM and JSON for the supplementary report on CVEs):
+  - See SBOMS Lite manifests (CycloneDX in JSON format for the SBOM and JSON for the supplementary report on CVEs):
     ${SBOMS}
 
 - **Static Analysis Report**
-    - We use GoSec for static analysis scanning on our CI tests. There are no findings (neither critical nor high) unresolved.
+  - We use GoSec for static analysis scanning on our CI tests. There are no findings (neither critical nor high) unresolved.
 
 - **Release Signature Report**
-    - Image signatures enforced by CI pipeline.
-    - Signatures verification: documentation in-progress: https://jira.mongodb.org/browse/DOCSP-39646
+  - Image signatures enforced by CI pipeline.
+  - Signatures verification: documentation in-progress: https://jira.mongodb.org/browse/DOCSP-39646
 
 - **Security Testing Report**
-    - Sast: https://jira.mongodb.org/browse/CLOUDP-251553
-	- Pentest: (Same as the others) https://jira.mongodb.org/browse/CLOUDP-251555
-	- Dast: We decided not to do per https://jira.mongodb.org/browse/CLOUDP-251554 and the linked scope
+  - Sast: https://jira.mongodb.org/browse/CLOUDP-251553
+  - Pentest: (Same as the others) https://jira.mongodb.org/browse/CLOUDP-251555
+  - Dast: We decided not to do per https://jira.mongodb.org/browse/CLOUDP-251554 and the linked scope
 
 - **Security Assessment Report**
-    - https://jira.mongodb.org/browse/CLOUDP-251555
+  - https://jira.mongodb.org/browse/CLOUDP-251555
 
 Assumptions and attestations:
 
 1. Internal processes are used to ensure CVEs are identified and mitigated within SLAs.
 
 2. The Dependency document does not specify third party OSS CVEs fixed by the release and the date we discovered them.
 
-3. There is no CycloneDX field for original/modified CVSS score or discovery date. The `x-` prefix indicates this.
+3. There is no CycloneDX field for original/modified CVSS score or discovery date. The `x-` prefix indicates this.