Automate pip's SBOM package entry

[sethmlarson]

Feature or enhancement

Proposal:

Part of #112302

Most of the vendored dependencies in CPython's source tree can't be automated due to being "outside" a package ecosystem therefore being difficult to automatically parse a version, pip however likely can be automated further since it's a Python package.

See #113249 (comment) and #113249 (comment)

Has this already been discussed elsewhere?

No response given

Links to previous discussion of this feature:

No response

Linked PRs

• gh-113257: Fix SBOM metadata for pip 23.3.2 #113262
• gh-113257: Automatically generate pip SBOM metadata from wheel #113295