CI integration - Github Actions #132

Open
adisbladis opened this issue Nov 6, 2023 · 0 comments
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@adisbladis
Member

There should be a quick & easy way to get Github Actions to publish Nix builds to a log instance running elsewhere.

This integration will take care of:

  • Integrating with the system Nix installation, however it was installed.
  • Integration of the write token into GitHub Actions YAML syntax.
  • Using GitHub Actions secrets for the write token.

Considerations:

  • It's probably worth it to not install the push as a post-build-hook but as a post-action step.
    Instead of slowing down and doing a network round trip after every build, we can do one big submission in one big chunk.
    Not only is this better because of fewer round trips, but it also means that we can possibly publish fewer STHs (signed tree heads).

Hosting:

Notably this action does not take care of hosting a Trustix instance.
That's still an exercise left up to the user.

Example usage:

name: "Test"
on:
  pull_request:
  push:
jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - uses: cachix/install-nix-action@v23
    - uses: nix-community/trustix/packages/trustix-nix/github-action@v1
      with:
        instance: https://demo.trustix.dev
        # Log ID as returned by `trustix -- print-log-id --protocol nix --pubkey $(cat secrets/log-pub)`
        logID: 453016597475f45532e0a22a448ea7e0fb915e950d3c8930bfd23d962d73f9c1
        # Write token
        token: '${{ secrets.TRUSTIX_WRITE_TOKEN }}'
    - run: nix-build