feat: add default SBOM summary report with detailed --summary mode

[Jaydeep869]

Fixes #27

What changed

• add a brief SBOM summary report by default after sbomit generate
• keep --summary as the detailed mode with per-ecosystem package listings
• send the human-readable report to stderr so SBOM output on stdout stays machine-readable
• preserve the current syft and trivy cataloger behavior while refactoring generation to return the built document for reporting
• add summary logic and command-level tests for counts, classification, deterministic ordering, and stdout/stderr separation

Behavior

• default output now includes total packages, total files, and ecosystem counts
• --summary extends that with sorted package listings grouped by ecosystem
• file output still prints the report to stderr and keeps the written SBOM valid

Validation

• GOCACHE=/tmp/sbomit-gocache go test ./...
• verified a live sample run with test/sample-attestation.json to confirm summary text goes to stderr

This supersedes #26 because that branch remained incomplete and mixed summary behavior in a way that could interfere with stdout-based SBOM consumption.

[Jaydeep869]

@absol27 can you Review this PR