Resolve "SBOM/SOUP periodic assessment 01/2024"

Noel Simmel requested to merge 1015-sbom-soup-periodic-assessment-01-2024 into main

Closes #1015 (closed)

Do not merge until the SBOM list (see below) has been released. The sheet is to be saved as SBOM.csv and added to this MR! The old SBOM.md can be deleted

Assessment log

App version v1.0.35 at commit fb6e92e2 (January 25, 2024)

Vulnerability scan

  • yarn install
  • yarn upgrade
  • yarn audit

Result: 0 vulnerabilities found - Packages audited: 1503

SBOM assessment

Working copy of RC1_SW_04: https://docs.google.com/spreadsheets/d/1aObRWco1gvhiqCjaNe8bLI_5YJkDUVPv-H-Gg-eR4vs (shall replace the original once it has been approved)

Please pay special attention to the "Requirements" and "Verification Reasoning" columns for all new packages, especially the Auxiliary Dependencies.

  • Added new direct dependencies: html-loader, marked
  • Removed uninstalled direct dependencies: ngx-matomo-client
  • Moved webpack from direct to transitive dependencies (of @angular-devkit/build-angular) and deleted its transitive dependencies (events) from the list.
  • Updated version numbers according to yarn.lock.
  • Added a new sheet "Auxiliary Dependencies" including dev dependencies – they should also be monitored since they are used in the build pipeline.
  • Moved rxjs v6.6.7 from direct to transitive dependencies (of compodoc).

Also, I noted our proposed changes to SOP 3.11 in ClickUp; they will be part of the big review planned for this summer.

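As an added example (not part of this MR or the project's code), a small Python script that automates the SBOM diff step described above: it reads the direct dependencies from package.json, the resolved versions from yarn.lock, and the current SBOM.csv, then reports added and removed direct dependencies and version drift between the sheet and the lockfile. The lockfile excerpt, the package.json section and the CSV are constructed, with made-up version numbers, and the SBOM column names (name, version, kind) are assumptions.

```python
import csv
import io
import json

# Constructed yarn.lock v1 excerpt: package names from the MR, versions made up.
YARN_LOCK = '''\
"@angular-devkit/build-angular@^17.0.0":
  version "17.0.10"
html-loader@^4.2.0:
  version "4.2.0"
marked@^11.1.0:
  version "11.1.1"
webpack@5.89.0, webpack@^5.0.0:
  version "5.89.0"
'''
# Constructed package.json "dependencies" section (direct dependencies only).
PACKAGE_JSON = json.dumps({"dependencies": {"@angular-devkit/build-angular": "^17.0.0",
                                            "html-loader": "^4.2.0", "marked": "^11.1.0"}})
# Constructed SBOM.csv as it might look before this assessment (column names assumed).
SBOM_CSV = '''\
name,version,kind
@angular-devkit/build-angular,17.0.8,direct
html-loader,4.2.0,direct
ngx-matomo-client,5.0.0,direct
webpack,5.88.0,transitive
'''

def parse_yarn_lock(text):
    """Map package name -> resolved version from a yarn v1 lockfile."""
    versions, names = {}, []
    for line in text.splitlines():
        if line and not line.startswith((" ", "#")) and line.endswith(":"):
            # Entry header: comma-separated "name@range" patterns, possibly quoted; strip the range after the last "@".
            names = [p.strip().strip('"').rsplit("@", 1)[0] for p in line[:-1].split(",")]
        elif line.startswith('  version "'):
            versions.update({n: line.split('"')[1] for n in names})
    return versions

def assess(sbom_csv, package_json, yarn_lock):
    """Compare the SBOM sheet against the repo: (added, removed, version drift)."""
    lock = parse_yarn_lock(yarn_lock)
    direct = set(json.loads(package_json)["dependencies"])
    sbom = {r["name"]: r for r in csv.DictReader(io.StringIO(sbom_csv))}
    sbom_direct = {n for n, r in sbom.items() if r["kind"] == "direct"}
    added = sorted(direct - sbom_direct)       # new direct deps missing from the sheet
    removed = sorted(sbom_direct - direct)     # sheet entries no longer installed
    drift = {n: (r["version"], lock[n]) for n, r in sbom.items()
             if n in lock and lock[n] != r["version"]}
    return added, removed, drift
```

Run against the real files by replacing the constructed strings with the contents of package.json, yarn.lock and SBOM.csv; entries reported as added still need the "Requirements" and "Verification Reasoning" columns filled in by hand.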