Fix: Respect --log-level flag for SBOM deduplication logs

[npneeraj]

Problem

Fixes #1899

When using the --log-level=error flag, INFO level logs were still being printed, specifically the SBOM package deduplication message:

INFO duplicate package ID found in SBOM, deduplicating package... ID=SPDXRef-Package-...

This occurs because the deduplication log statement in spdx.go was using .Info() level, which doesn't get filtered out when the log level is set to error.

Solution

Changed the log level from Info to Debug for the duplicate package deduplication message in pkg/sbom/generator/spdx/spdx.go (line 161).

- clog.FromContext(ctx).Info("duplicate package ID found in SBOM, deduplicating package...", "ID", doc.Packages[i].ID)
+ clog.FromContext(ctx).Debug("duplicate package ID found in SBOM, deduplicating package...", "ID", doc.Packages[i].ID)

This change:

• ✅ Respects the --log-level flag properly
• ✅ Aligns with other debug-level logging in the codebase (e.g., world.go)
• ✅ Keeps the deduplication functionality unchanged
• ✅ Makes this internal operational detail visible only in debug/verbose mode

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas (N/A - simple log level change)
• I have made corresponding changes to the documentation (N/A)
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works (N/A - log level change only)

Additional Context

This is a one-line change that only affects logging verbosity, not functionality.
Package deduplication continues to work exactly as before; only the visibility of the log message changes based on the configured log level.