fix: do sbom manifest validation in post-commit

Following commit c3afbebf23 ("fix: bump esp-idf-sbom to v0.13.0 in pre-commit"),
the validation of submodule hash now relies solely on the information recorded
in the git-tree. Previously, the hash verification used submodule's
working tree hash if available. Since the new submodule hash is recorded
in git-tree only after the commit is created, we need to move the check
into post-commit, otherwise the hash validation checks the old value.

For example:

1. in .gitmodules

	[submodule "components/json/cJSON"]
	   sbom-hash = cb8693b058ba302f4829ec6d03f609ac6f848546

2. update the cJSON

	$ git -C components/json/cJSON checkout b45f48e600671feade0b6bd65d1c69de7899f2be

3. update cJSON hash in .gitmodules

	[submodule "components/json/cJSON"]
	   sbom-hash = b45f48e600671feade0b6bd65d1c69de7899f2be

4. commit the changes

	$ git commit -a -s

Step 4. will fail, because the validation is currently started in pre-commit stage,
where the hash for cJSON recorded in git-tree is still
cb8693b058ba302f4829ec6d03f609ac6f848546. The new hash b45f48e600671feade0b6bd65d1c69de7899f2be
will be stored in git-tree after the new commit is created.

Note that this means we cannot prevent the commit creation, but only
notify user about the hash inconsistency. If he/she still decides to
push it, it will fail in pre-commit checks in CI.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>

.pre-commit-config.yaml

@@ -2,7 +2,7 @@
 # See https://pre-commit.com/hooks.html for more hooks
 
 minimum_pre_commit_version: 3.3.0
-default_install_hook_types: [pre-commit, commit-msg]
+default_install_hook_types: [pre-commit, post-commit, commit-msg]
 default_stages: [pre-commit]
 
 repos:
@@ -223,3 +223,4 @@ repos:
     rev: v0.13.0
     hooks:
       - id: validate-sbom-manifest
+        stages: [post-commit]