ci: add sbom validation using pre-commit's post-commit stage

With 09ba070b7e ("fix: allow to use older pre-commit hook version")
and b93cc581a5 ("fix: set default pre-commit hook stages to pre-commit..")
we set the default pre-commit hook stage to commit/pre-commit, which avoids
running the pre-commit plugins/hooks multiple times for different stages.
Unfortunately this also affects "pre-commit run" used in CI and
now it runs only plugins which are by default using the
commit/pre-commit stage. Meaning the sbom validation, which uses
post-commit, is not run at all. This adds an explicit pre-commit command
for validate-sbom-manifest plugin, which needs to be started in
post-commit stage.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>

.gitlab/ci/pre_check.yml

@@ -24,6 +24,7 @@ check_pre_commit_master_release:
     - .rules:protected
   script:
     - git diff-tree --no-commit-id --name-only -r $PIPELINE_COMMIT_SHA | xargs pre-commit run --files
+    - pre-commit run --hook-stage post-commit validate-sbom-manifest
 
 check_pre_commit_MR:
   extends:
@@ -31,6 +32,7 @@ check_pre_commit_MR:
     - .rules:mr
   script:
     - python ${CI_PROJECT_DIR}/tools/ci/ci_get_mr_info.py files ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} | xargs pre-commit run --files
+    - pre-commit run --hook-stage post-commit validate-sbom-manifest
 
 check_version:
   # Don't run this for feature/bugfix branches, so that it is possible to modify