
Sign release artifacts and git tags #1658

Open
@JeanChristopheMorinPerso

Description

As part of the OpenSSF Best Practices badges, we must cryptographically sign our releases, which includes:

I suggest that we use https://www.sigstore.dev/ since that's pretty much the de facto solution nowadays and doesn't require us to manage GPG keys. Though, we might actually want to look at https://slsa.dev/ to help our users map built packages back to their canonical sources and dependencies.

One thing to verify is if we need to do both slsa and sigstore. SLSA describes the provenance (what entity built the artifact, what process they used, and what the inputs were). This enables verifying that an artifact was built as expected.

From https://slsa.dev/spec/v1.0/verifying-artifacts:

SLSA uses provenance to indicate whether an artifact is authentic or not, but provenance doesn’t do anything unless somebody inspects it. SLSA calls that inspection verification.

https://slsa.dev/attestation-model#model-and-terminology also shows that the attestation contains the artifact sha256 checksum and the attestation is signed. This means that technically the attestation of provenance is the artifact signature. If the artifact sha256 were to change, then the signature would become invalid.

Requirements:
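As an added illustration of the point made above about the attestation binding the artifact's sha256 (this is not code from the issue or from the project), the sketch below shows the verifier-side check: an in-toto statement names the artifact and its digest, the DSSE envelope's signature covers the encoded statement, so a tampered artifact fails the digest match and a changed digest changes the exact bytes that were signed. The artifact bytes, file names and predicate contents are constructed sample values; signature verification itself is left to cosign or slsa-verifier and is not reimplemented here.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample artifact (stands in for a release tarball).
ARTIFACT = b"sample release tarball contents\n"
STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
PAYLOAD_TYPE = "application/vnd.in-toto+json"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_statement(name: str, artifact: bytes) -> dict:
    """Minimal in-toto Statement v1 carrying an SLSA provenance predicate.
    The subject digest is what ties the attestation to this exact artifact."""
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": name, "digest": {"sha256": sha256_hex(artifact)}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        # Placeholder predicate; a real builder fills in buildDefinition/runDetails.
        "predicate": {"buildDefinition": {"buildType": "urn:example:placeholder"}, "runDetails": {}},
    }


def dsse_pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: the bytes a signer actually signs.
    Any change to the payload (e.g. the subject digest) changes these bytes."""
    t = payload_type.encode()
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(payload), payload)


def envelope(statement: dict) -> dict:
    """Wrap the statement in an (unsigned) DSSE envelope, as cosign would before signing."""
    payload = json.dumps(statement, separators=(",", ":"), sort_keys=True).encode()
    return {"payloadType": PAYLOAD_TYPE, "payload": base64.b64encode(payload).decode(), "signatures": []}


def subject_matches(env: dict, name: str, artifact: bytes) -> bool:
    """Verifier side, run only after the envelope signature has been verified:
    is the artifact in hand the one the attestation names, byte for byte?"""
    if env.get("payloadType") != PAYLOAD_TYPE:
        return False
    statement = json.loads(base64.b64decode(env["payload"]))
    if statement.get("_type") != STATEMENT_TYPE:
        return False
    actual = sha256_hex(artifact)
    return any(
        s.get("name") == name and hmac.compare_digest(s.get("digest", {}).get("sha256", ""), actual)
        for s in statement.get("subject", [])
    )
```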

Labels: openssf-best-practices (https://www.bestpractices.dev/en/projects/8389)