@JamieMagee
Member

This updates the version of Syft we use for Linux package inventory from v1.16.0 to v1.37.0.

I also updated the instructions so that we use a multi-platform image. For example, here's the manifest for the current v1.16.0 tag:

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "size": 4458,
    "digest": "sha256:9899d09b4ddb6ce16d37b6fed6aa97ec70b39b7eb1cbbcb134bbed72b07479cb"
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 115223,
      "digest": "sha256:0160a9d07b89a73ddefb5fc09c73b7fa1853d4c61c9a86ff1a53df6e4c85caee"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 93,
      "digest": "sha256:89a6b064be776d9bdbdf73775110a8aab8cebf9abb8e34a31eab85cf05e4019d"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 16632658,
      "digest": "sha256:84ffc71437ecd9b054a8c107adda590ae5915b088cf59a607f77b88f1fc24256"
    }
  ]
}

versus the new v1.37.0 tag I just created:

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
  "manifests": [
    {
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "size": 945,
      "digest": "sha256:8f805aee7056cefa13a24df998986e1a1ab03bb4575ca5c98b02fa749d841a52",
      "platform": {
        "architecture": "amd64",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "size": 945,
      "digest": "sha256:64d80bf8b43e3e8b70b1ece567a8702aaf8542b3b220a62c2fc0a86dfb45c7a7",
      "platform": {
        "architecture": "arm64",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "size": 945,
      "digest": "sha256:66644ad097a3e4d7b2748cacaec088afb94ac4317e90d657fa11598d257485dc",
      "platform": {
        "architecture": "ppc64le",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "size": 945,
      "digest": "sha256:9a74bc804a3bb26cf03327d703c87d895bce75d94f4b5b8e7766590809c3ecb6",
      "platform": {
        "architecture": "s390x",
        "os": "linux"
      }
    }
  ]
}
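
An added example, not part of the pull request or the project's code: a check that tells a single-image manifest from a manifest list and reports which platforms a tag covers, run over the two manifests quoted above. The function names and the `REQUIRED` platform set are assumptions made for illustration.

```python
import json

# Media types that mark a multi-platform index rather than a single image manifest.
INDEX_TYPES = {
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.oci.image.index.v1+json",
}

def platforms(raw_manifest):
    """Return {"os/arch": child digest}; empty for a single-image manifest,
    which does not state its platform (that lives in the config blob)."""
    doc = json.loads(raw_manifest)
    if doc.get("mediaType") not in INDEX_TYPES and "manifests" not in doc:
        return {}
    found = {}
    for entry in doc.get("manifests", []):
        plat = entry.get("platform", {})
        found[f"{plat.get('os')}/{plat.get('architecture')}"] = entry["digest"]
    return found

def missing_platforms(raw_manifest, required):
    """Platforms the scanner hosts need that the tag does not list."""
    return set(required) - set(platforms(raw_manifest))

# Sample input rebuilt from the manifests quoted in the PR description
# (v1.16.0 trimmed to header and config; v1.37.0 entries reduced to the fields used).
V1_16_0 = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "config": {"digest": "sha256:9899d09b4ddb6ce16d37b6fed6aa97ec70b39b7eb1cbbcb134bbed72b07479cb"},
})
_CHILDREN = {
    "amd64": "sha256:8f805aee7056cefa13a24df998986e1a1ab03bb4575ca5c98b02fa749d841a52",
    "arm64": "sha256:64d80bf8b43e3e8b70b1ece567a8702aaf8542b3b220a62c2fc0a86dfb45c7a7",
    "ppc64le": "sha256:66644ad097a3e4d7b2748cacaec088afb94ac4317e90d657fa11598d257485dc",
    "s390x": "sha256:9a74bc804a3bb26cf03327d703c87d895bce75d94f4b5b8e7766590809c3ecb6",
}
V1_37_0 = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
    "manifests": [{"digest": d, "platform": {"architecture": a, "os": "linux"}}
                  for a, d in _CHILDREN.items()],
})
REQUIRED = {"linux/amd64", "linux/arm64"}  # assumed set of host platforms

if __name__ == "__main__":
    for tag, raw in (("v1.16.0", V1_16_0), ("v1.37.0", V1_37_0)):
        print(tag, sorted(platforms(raw)), sorted(missing_platforms(raw, REQUIRED)))
```
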

@JamieMagee JamieMagee requested a review from a team as a code owner November 6, 2025 21:42
@JamieMagee JamieMagee requested review from Copilot and grvillic and removed request for grvillic November 6, 2025 21:42
@codecov

codecov bot commented Nov 6, 2025

Codecov Report

❌ Patch coverage is 5.00000% with 95 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.3%. Comparing base (855dc28) to head (f33e508).
⚠️ Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...tDetection.Detectors/linux/Contracts/SyftOutput.cs | 5.0% | 94 Missing ⚠️ |
| ...ComponentDetection.Detectors/linux/LinuxScanner.cs | 0.0% | 1 Missing ⚠️ |

Additional details and impacted files
@@           Coverage Diff           @@
##            main   #1527     +/-   ##
=======================================
- Coverage   90.3%   90.3%   -0.1%     
=======================================
  Files        418     418             
  Lines      35275   35300     +25     
  Branches    2188    2188             
=======================================
- Hits       31881   31878      -3     
- Misses      2951    2980     +29     
+ Partials     443     442      -1     

Copilot AI left a comment

Pull Request Overview

This PR updates the Syft container scanner from v1.16.0 to v1.37.0 to support newer versions of Linux package detection. The update includes schema changes to accommodate new fields in Syft's JSON output format.

  • Updated Syft Docker image version and SHA256 digest in LinuxScanner
  • Regenerated SyftOutput.cs models to match the new v1.37.0 schema
  • Updated documentation to reflect improved multi-platform image deployment process

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
|---|---|
| src/Microsoft.ComponentDetection.Detectors/linux/LinuxScanner.cs | Updated scanner image to v1.37.0 and qualified Environment.NewLine reference |
| src/Microsoft.ComponentDetection.Detectors/linux/Contracts/SyftOutput.cs | Regenerated auto-generated models to match Syft v1.37.0 schema with new fields and refactored implicit operators |
| docs/update-syft.md | Updated documentation to use docker buildx imagetools for multi-platform support instead of manual pull/tag/push |

@JamieMagee JamieMagee enabled auto-merge (squash) November 6, 2025 21:55
@JamieMagee JamieMagee merged commit d8c0daa into main Nov 11, 2025
31 of 32 checks passed
@JamieMagee JamieMagee deleted the users/jamagee/update-syft-1.37.0 branch November 11, 2025 01:57
@github-actions

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂
