refactor(attestation): use in_toto library and update to slsa provenance schema v1
What does this MR do?
- Update SLSA Provenance to v1
- Use in_toto_golang library to generate In-Toto Statement
Why was this MR needed?
Managing a own golang structure set of a in-toto statement is tideous to update and maintain.
The golang library https://github.com/in-toto/in-toto-golang manages and maintans those structures acording to the specification
What's the best way to test this MR?
Migration of SLSA provenance spec is done using the guide from the framework itself: https://slsa.dev/provenance/v1#migrating-from-02
What are the relevant issue numbers?
Edited by Lukas Höhl