Description
What would you like to be added:
A request from @henrysachs on Discourse: add the ability to specify arbitrary name-value pairs that are added to the SBOM.
Why is this needed:
Users have various needs -- particularly at the SBOM-level -- to add information that is useful for downstream consumers.
Additional context:
After a discussion during weekly gardening, it was determined that we could probably move forward with this, and start with the simplest solution of adding a name-value map[string]string somewhere. We need to work out the UX for this, but it would probably be something like adding a multiple-allowed flag --sbom-property <name>=<value>.
I believe the consensus is that this is probably best suited to be added to the SBOM itself or the Descriptor, rather than being associated with the source, as the --source-name and --source-version are. There may be a discussion to finalize this as part of the pull request process.
Additional concerns are: these need to be output in a reproducible order in all serialization formats. JSON output of map[string] in go will do this automatically, but if we need to iterate a map, for example to add CycloneDX properties, this needs to be done in an ordered way.
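As an added illustration of the two points above (parsing repeated `--sbom-property <name>=<value>` flags into a `map[string]string`, and then emitting those pairs in a reproducible order), here is a small stand-alone Go program. It is example code, not syft's own implementation: the `Property` struct, `ParseSBOMProperties`, `OrderedProperties` and `PropertiesJSON` are hypothetical names chosen for this example, and the `Property` shape only mirrors the name/value form CycloneDX properties take. `encoding/json` sorts map keys on its own, so the JSON path needs no extra work; the CycloneDX-style path sorts the keys explicitly before iterating, which is the "ordered way" the issue asks for.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Property is one name/value pair destined for the SBOM.
// Hypothetical type for this example; it mirrors the name/value shape
// of a CycloneDX property but is not the cyclonedx-go type.
type Property struct {
	Name  string
	Value string
}

// ParseSBOMProperties turns the raw values of a repeatable
// --sbom-property <name>=<value> flag into a map. The name is everything
// before the first '=', so a value may itself contain '=' (e.g. a URL with a
// query string). An argument without '=' or with an empty name is rejected.
// When a name is repeated, the last occurrence wins (a choice made for this
// example; the issue leaves that UX undecided).
func ParseSBOMProperties(args []string) (map[string]string, error) {
	out := make(map[string]string, len(args))
	for _, arg := range args {
		name, value, ok := strings.Cut(arg, "=")
		if !ok {
			return nil, fmt.Errorf("sbom-property %q: expected <name>=<value>", arg)
		}
		name = strings.TrimSpace(name)
		if name == "" {
			return nil, fmt.Errorf("sbom-property %q: empty name", arg)
		}
		out[name] = value
	}
	return out, nil
}

// OrderedProperties converts the map into a slice sorted by name.
// Go map iteration order is randomized per run, so anything that walks the
// map (such as appending CycloneDX properties) must sort first or the SBOM
// will not be reproducible across runs.
func OrderedProperties(m map[string]string) []Property {
	names := make([]string, 0, len(m))
	for n := range m {
		names = append(names, n)
	}
	sort.Strings(names)
	props := make([]Property, 0, len(names))
	for _, n := range names {
		props = append(props, Property{Name: n, Value: m[n]})
	}
	return props
}

// PropertiesJSON shows that encoding/json already emits map keys in sorted
// order, so the JSON formats get deterministic output for free.
func PropertiesJSON(m map[string]string) (string, error) {
	b, err := json.Marshal(m)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	// Constructed sample flag values, as a user might pass them on the CLI.
	args := []string{
		"team=platform",
		"build.url=https://ci.example/run?id=42",
		"env=prod",
	}
	m, err := ParseSBOMProperties(args)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, p := range OrderedProperties(m) {
		fmt.Printf("%s=%s\n", p.Name, p.Value)
	}
	js, _ := PropertiesJSON(m)
	fmt.Println(js)
}
```

Whatever the final flag syntax turns out to be, the important property is the one `OrderedProperties` enforces: every serializer that has to iterate the map goes through a sorted key list, so two runs over the same input produce byte-identical SBOMs.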