populate_sdk_ext: include image SPDX tasks in locked signatures

populate_sdk_ext: include image SPDX tasks in locked signatures

Fixes [YOCTO #15726]
Fixes [YOCTO #15853]

After the switch to SPDX 3.0, eSDK installation can fail with errors like:

  gcc-source-1*:do_fetch attempted to execute unexpectedly
  This is usually due to missing setscene tasks.

This is caused by image-related SPDX tasks, such as do_create_image_sbom_spdx,
being excluded from the locked signatures. Without these, the corresponding
sstate-cache artifacts are missing during eSDK installation.

Previously (under SPDX 2.2), these image SPDX/SBOM tasks were not
dependencies of do_populate_sdk_ext task, so their sstate artifacts
 were not required at install time.

Fix:
- do_create_image_sbom_spdx is added to do_sdk_depends[recrdeptask] to
 ensure it is included in the eSDK build and corresponding sstate cache.
- SDK_TARGETS (and multilib variants) are removed from the excluded target
 list in prepare_locked_cache(), so their image SPDX/SBOM tasks are retained
in locked-sigs.inc.

With this fix, eSDK installs work without unexpected task runs, even
for custom distros or "tar" images.

Signed-off-by: Jayasurya Maganuru <Maganuru.Jayasurya@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>