fix: SBOM multi-ecosystem support with correct package managers and licenses (#8)

Dockerfile.agent

@@ -5,7 +5,18 @@ COPY . .
 RUN cargo build --release -p compliance-agent
 
 FROM debian:bookworm-slim
-RUN apt-get update && apt-get install -y ca-certificates libssl3 git curl python3 python3-pip && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y ca-certificates libssl3 git curl python3 python3-pip npm golang-go php-cli && rm -rf /var/lib/apt/lists/*
+
+# Install Cargo (minimal, for cargo metadata / cargo audit / generate-lockfile)
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
+ENV PATH="/root/.cargo/bin:${PATH}"
+RUN cargo install cargo-audit
+
+# Install Composer for PHP dependency resolution
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+
+# Install Bundler for Ruby dependency resolution
+RUN apt-get update && apt-get install -y ruby && rm -rf /var/lib/apt/lists/* && gem install bundler
 
 # Install syft for SBOM generation
 RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin