bazel
Add SLSA provenance to your releases
Description of the feature request:
Please add SLSA provenance to your releases.
It is easy to do on GitHub:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser
https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
Background info: https://docs.sigstore.dev/signing/overview/
Which category does this issue belong to?
No response
What underlying problem are you trying to solve with this feature?
Improve robustness against supply-chain attacks.
Which operating system are you running Bazel on?
No response
What is the output of bazel info release?
No response
If bazel info release returns development version or (@non-git), tell us how you built Bazel.
No response
What's the output of git remote get-url origin; git rev-parse HEAD ?
No response
Have you found anything relevant by searching the web?
No response
Any other information, logs, or outputs that you want to share?
No response