Add `isDirect` flag in `COMPONENT` for efficient direct/transitive dependency filtering

[sahibamittal]

Current Behavior

Currently, at large scale, determining whether a component is direct or transitive dependency requires evaluating JSONB containment check against project.direct_dependencies. It becomes expensive for cross-project reporting and bulk analytics.

Proposed Behavior

Add IS_DIRECT to COMPONENT. This will require setting it during BOM import, can be a bulk-update for all components in a project.

All read paths can be updated by replacing JSONB containment checks with boolean filter.

New field will be nullable to avoid heavy migration for existing components and can be populated upon next bom upload/publish.

Optional: Expose the same in UI.

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested

[nscuro]

Adjacent to / duplicate of #6184?

[sahibamittal]

Adjacent to / duplicate of #2118?

CEL function will be useful when querying for a specific component and project. In order to get this data for all components/projects (for reporting/analytics), having this flag stored will be more feasible.