Investigate simplifying SPEC 8 through use of pypa/gh-action-pypi-publish v1.11.0+
As noted in https://github.com/pypa/gh-action-pypi-publish/discussions/281, in https://github.com/pypa/gh-action-pypi-publish/ v1.11.0
every project making use of Trusted Publishing will start producing and publishing digital attestations without having to do any modifications to how they use this action.
This is great news, so a big thanks to @webknjaz and @woodruffw for this!
For some of our packages that have upcoming releases we should investigate how the attestations differ from the actions/attest-build-provenance ones and what the verification workflow is like. If we like them, then we should revise SPEC 8 to just use these automatically generated attestations, simplifying the process.