There's a closed pull request on the void-packages repository:

New packages: grype and syft
https://github.com/void-linux/void-packages/pull/34511

Description:

This adds two new packages, `syft`, a SBOM generator with support for creating SBOMs from loads of sources, and `grype`, a vulnerability scanner based on `syft`. `grype` includes `syft` as a library, and Go includes those statically, which is why `grype` does not have a dependency on `syft` here.

#### Testing the changes
- I tested the changes in this PR: **YES**

#### New package
- This new package conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements): **YES**