strengthen tests for NTIA, FSCT, BSI v1.1, BSI v2.0, and OCT using inline SBOM JSON #601

@viveksahu26

This is not a bug, but more of a strengthening of existing sbomqs functionality by improving test coverage.

The goal is to change how SBOMs are created for tests. Previously, SBOMs used in tests were constructed programmatically using constructors from the sbom package. The new approach replaces these with real SBOMs embedded as inline JSON.

Using real SBOMs makes it easier to observe and reason about how individual SBOM fields affect:

  • specific compliance checks, and
  • default scoring behavior.

These tests provide clearer, faster feedback on which SBOM fields contribute to a score, which do not, and why, across different specifications. As a result, they improve traceability, confidence in scoring logic, and long-term maintainability of existing features.

In the future, if an issue is discovered with a particular SBOM or field, the affected SBOM can be fixed and added directly as a test case, ensuring the issue is captured and prevented from regressing.
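
The approach described in this issue, sketched as an added example that is not part of the issue or of the sbomqs code base: an SBOM is embedded as inline JSON and a single field is removed to see which check it feeds. The fixture is constructed, and `bom`, `named` and `missingNTIA` are hypothetical names for a simplified NTIA minimum-elements check, not sbomqs's scoring logic.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed CycloneDX-style fixture, embedded inline (not a real project's SBOM).
const fullSBOM = `{"bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"timestamp": "2024-01-01T00:00:00Z", "authors": [{"name": "Example Author"}]},
  "components": [{"name": "libexample", "version": "1.2.3", "supplier": {"name": "Example Corp"}, "purl": "pkg:generic/libexample@1.2.3"}],
  "dependencies": [{"ref": "pkg:generic/libexample@1.2.3", "dependsOn": []}]}`

// Same fixture with only the supplier removed, to isolate that field's effect.
var noSupplierSBOM = strings.Replace(fullSBOM, `"supplier": {"name": "Example Corp"}, `, "", 1)

type named struct{ Name string }
type bom struct {
	Metadata     struct{ Timestamp string; Authors []named }
	Components   []struct{ Name, Version, Purl string; Supplier named }
	Dependencies []json.RawMessage
}

// missingNTIA is a hypothetical, simplified check (not sbomqs code): it lists
// the NTIA minimum elements absent from a CycloneDX JSON document.
func missingNTIA(doc string) ([]string, error) {
	var b bom
	if err := json.Unmarshal([]byte(doc), &b); err != nil {
		return nil, err
	}
	var missing []string
	add := func(ok bool, field string) {
		if !ok {
			missing = append(missing, field)
		}
	}
	add(b.Metadata.Timestamp != "", "timestamp")
	add(len(b.Metadata.Authors) > 0, "author")
	add(len(b.Dependencies) > 0, "dependency relationships")
	for _, c := range b.Components {
		add(c.Name != "" && c.Version != "", "component name/version")
		add(c.Supplier.Name != "", c.Name+": supplier")
		add(c.Purl != "", c.Name+": unique identifier")
	}
	return missing, nil
}

func main() { fmt.Println(missingNTIA(noSupplierSBOM)) }
```

Because the two fixtures differ in exactly one field, a change in the result can be attributed to that field alone.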
