
Zarf always populates sbom.tar artifact even if no SBOMs exist #3524

Closed
YrrepNoj opened this issue Feb 20, 2025 · 0 comments · Fixed by #3540

Comments

YrrepNoj (Contributor) commented Feb 20, 2025

Environment

Device and OS: darwin arm64
App version: 0.48.1
Kubernetes distro being used: N/A
Other:

After a recent change in Zarf, it seems like an sbom.tar artifact is being created and populated for every package, even if no SBOM exists. This tar file contains a single file, compare.html.

I believe this was introduced in this commit. The in-line comment above the call to createSBOMCompareAsset() says to only add the compare tool if there are SBOMs, but that doesn't seem to be something we check before calling the function or within the function.

When we noticed this in our project, we wrote this small hotfix to check if there was SBOM content we needed to care about.

Steps to reproduce

  1. Build the following Zarf Package
kind: ZarfPackageConfig
metadata:
  name: sbom-gen

components:
  - name: silly-goofy-mood
    actions:
      onCreate:
        before:
          - cmd: echo "Hello World!"

NOTE: Even though I am using different inspect commands, this is not a side effect of updating the inspect command.

Expected result

No SBOM generated as of Zarf 0.46.0
NOTE: The sbom.tar file exists within the package, but it is empty.

[screenshot]

Actual Result

SBOM output exists as of Zarf v0.48.1 (but I believe it was introduced earlier)

[screenshot]
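To make the missing check concrete, the following is an added Go example written for this page; it is not Zarf's code and not the hotfix the reporter links to. It builds an in-memory sbom.tar both with the guard the issue asks for (no SBOMs means no archive and no compare asset) and without it (the reported behaviour, where compare.html is always written), and it provides a check a practitioner can run against an existing archive to tell a real sbom.tar from one that holds only compare.html. The names BuildSBOMTar, BuggyBuildSBOMTar, SBOMTarHasContent and packTar, the viewer HTML, and the sample SBOM entry are assumptions constructed for the example; only the file name compare.html comes from the issue.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"sort"
)

// compareAssetName is the viewer file Zarf adds alongside SBOMs. The name is
// taken from the issue text; everything else here is illustrative, not Zarf's.
const compareAssetName = "compare.html"

// packTar writes the given files (name -> contents) into a tar archive held
// in memory. Entries are written in sorted order so the output is stable.
func packTar(files map[string][]byte) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	for _, n := range names {
		hdr := &tar.Header{Name: n, Mode: 0o644, Size: int64(len(files[n])), Typeflag: tar.TypeReg}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err) // in-memory writer: only a malformed header can fail
		}
		if _, err := tw.Write(files[n]); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// BuildSBOMTar mirrors the guard the issue asks for (hypothetical, not Zarf's
// fix): the compare viewer is only added, and an archive only produced, when
// at least one SBOM exists. With no SBOMs it returns nil, i.e. nothing to write.
func BuildSBOMTar(sboms map[string][]byte) []byte {
	if len(sboms) == 0 {
		return nil
	}
	return BuggyBuildSBOMTar(sboms)
}

// BuggyBuildSBOMTar reproduces the behaviour reported in the issue: the
// compare asset is written unconditionally, so the archive is never empty.
func BuggyBuildSBOMTar(sboms map[string][]byte) []byte {
	files := make(map[string][]byte, len(sboms)+1)
	for n, c := range sboms {
		files[n] = c
	}
	files[compareAssetName] = []byte("<html><!-- hypothetical viewer --></html>")
	return packTar(files)
}

// SBOMTarHasContent reports whether an sbom.tar carries anything other than
// the compare viewer. Run it over an existing package to check for the symptom.
func SBOMTarHasContent(data []byte) (bool, error) {
	if len(data) == 0 {
		return false, nil // absent or zero-byte archive: no SBOMs
	}
	tr := tar.NewReader(bytes.NewReader(data))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return false, nil // only compare.html (or nothing) was found
		}
		if err != nil {
			return false, fmt.Errorf("reading sbom.tar: %w", err)
		}
		if hdr.Typeflag == tar.TypeReg && hdr.Name != compareAssetName {
			return true, nil
		}
	}
}

func main() {
	none := map[string][]byte{}
	// Constructed sample SBOM entry, not real Zarf output.
	one := map[string][]byte{"alpine:3.19.json": []byte(`{"bomFormat":"CycloneDX"}`)}
	cases := []struct {
		label string
		data  []byte
	}{
		{"fixed, no SBOMs", BuildSBOMTar(none)},
		{"buggy, no SBOMs", BuggyBuildSBOMTar(none)},
		{"fixed, one SBOM", BuildSBOMTar(one)},
	}
	for _, c := range cases {
		has, err := SBOMTarHasContent(c.data)
		fmt.Printf("%-16s bytes=%d hasSBOMs=%v err=%v\n", c.label, len(c.data), has, err)
	}
}
```

Running it shows the symptom directly: the "buggy, no SBOMs" case produces a non-empty archive that SBOMTarHasContent still classifies as carrying no SBOMs, which is the state the reporter observed in v0.48.1 packages. The check deliberately ignores entry size, so a compare.html of any length does not count as SBOM content.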
