Include attestation for ModelKits

[bmicklea]

Describe the problem you're trying to solve ModelKits and the assets they contain can come from any location and be built by anyone. There are no inherent guarantees in any of the existing model / dataset packaging mechanism of provenance or safety. Users want a way to know where the package they are using has come from so they can make their own decision about whether to trust it.

Describe the solution you'd like ModelKits should be able to include attestations for the package and its contents. We could use something like the SLSA's verification summary and include it with the ModelKit as an option. This would make ModelKits the first packaging for AI/ML that provides provenance attestations.