Tags: heitorcolangelo/kmp-kit
fix(ci): Correct SBOM path in release workflow (#68)

This commit updates the path to the CycloneDX Software Bill of Materials (SBOM) JSON file in the `publish-release.yml` GitHub Actions workflow. The path was changed from `build/reports/cyclonedx/bom.json` to `core/build/reports/cyclonedx/bom.json` to reflect its correct location for the signing step.

ci(release): Sign SBOM with Cosign in publishing workflow (#67)

This commit updates the `publish-release.yml` workflow to sign the generated CycloneDX SBOM using Cosign.

Key changes:
- Added `sigstore/cosign-installer@v3` to install Cosign.
- Moved the `cyclonedxBom` task to run before signing.
- Added a `cosign sign-blob` step to perform keyless signing of the `bom.json` file.