fix: SBOM SPDX generation

- Ignore if DockerHub
- Remove artifact name (not needed, cos not uploading)
- Update from 0.15.4 to 0.20.01

Author: Lissy93

.github/workflows/docker.yml

@@ -120,14 +120,13 @@ jobs:
           echo "safe_tag=${SAFE_TAG}" >> $GITHUB_OUTPUT
 
       - name: 🔐 Generate SBOM (SPDX)
-        if: github.event_name != 'workflow_dispatch' || github.event.inputs.dry_run != 'true'
+        if: matrix.target == 'ghcr' && (github.event_name != 'workflow_dispatch' || github.event.inputs.dry_run != 'true')
         id: sbom
-        uses: anchore/sbom-action@v0.15.4
+        uses: anchore/sbom-action@v0.20.01
         with:
           image: ${{ matrix.image }}:${{ steps.docker_tags.outputs.tag_name }}
           format: spdx-json
           output-file: sbom.spdx.json
-          artifact-name: domain-locker-sbom-${{ steps.safe_tag.outputs.safe_tag }}
           upload-artifact: false
 
       - name: 🪪 Attest SBOM to registry