Add SLSA provenance to releases

[udf2457]

trafficstars

Previous request #4553 seems to have been silently brushed under the carpet by the stalebot.

Previous request was also two years ago. In the intervening period, the tooling has become more robust and easier to implement.

Therefore I am re-opening a request to add SLSA provenance to your releases.

It is easier than ever to do on on Github:

https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator

Background info: https://docs.sigstore.dev/signing/overview/