Add support for uploading attestations in legacy API
Description
Add support for uploading PEP 740 attestations along with distribution files. Part of https://github.com/pypi/warehouse/issues/15871.
For now only GHA-signed attestations are supported, but the implementation makes it easy to add other publishers by implementing the OIDCPublisherMixin.publisher_verification_policy() method in the corresponding subclass.
Implementation
The core logic is in legacy.py: we check an upload request to see if it includes any attestations. If it does, we:
- Check if the session is authenticated using Trusted Publishing (and GHA). If not, fail.
- Parse the attestations using pypi-attestation-models.
- Get the verification policy corresponding to the current Trusted Publisher (for now, always GitHub).
- Verify the attestations using sigstore with the above verification policy, against the uploaded distribution file.
For now we only verify the attestations. Storing them will be implemented in a later PR.
The GHA verification policy (from step 3) is defined in GitHubPublisherMixin.publisher_verification_policy(), and it checks the certificate in the attestation against the following claims:
- OIDCBuildConfigURI (e.g. https://github.com/org/repo/.github/workflows/workflow.yml@....)
- OIDCSourceRepositoryURI (e.g. https://github.com/org/repo/)
See here for the definition of each claim.
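The following is an added, self-contained model of the verification steps described above (the Trusted Publishing precondition, the subject-digest check against the uploaded file, and the two-claim GitHub policy). It is example code written for this page, not Warehouse's own implementation and not the pypi-attestation-models or sigstore API; the GitHubPublisher class, the check_policy and verify_attestation functions, and the EXAMPLE_* inputs are all constructed here. Signature and transparency-log verification, which sigstore performs, are deliberately out of scope.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

# Names of the Fulcio certificate claims the PR text says the policy checks.
BUILD_CONFIG_URI = "OIDCBuildConfigURI"
SOURCE_REPOSITORY_URI = "OIDCSourceRepositoryURI"

# A policy is a list of (claim name, predicate) pairs; every pair must hold.
Policy = list[tuple[str, Callable[[str], bool]]]


@dataclass(frozen=True)
class GitHubPublisher:
    """Hypothetical stand-in for a GitHub Trusted Publisher record (owner, repo, workflow)."""

    repository_owner: str
    repository_name: str
    workflow_filename: str

    def publisher_verification_policy(self) -> Policy:
        """Claims a GitHub Actions signing certificate must carry for this publisher.

        OIDCSourceRepositoryURI must name exactly this repository (a trailing slash
        is tolerated). OIDCBuildConfigURI must name this workflow file in this
        repository followed by '@<git ref>'; the ref itself is not pinned, so any
        branch or tag of the workflow passes, but a differently named workflow or a
        fork under another owner does not.
        """
        repo_uri = f"https://github.com/{self.repository_owner}/{self.repository_name}"
        workflow_prefix = f"{repo_uri}/.github/workflows/{self.workflow_filename}@"
        return [
            (SOURCE_REPOSITORY_URI, lambda v: v.rstrip("/") == repo_uri),
            (BUILD_CONFIG_URI, lambda v: v.startswith(workflow_prefix)),
        ]


def check_policy(policy: Policy, claims: dict[str, str]) -> Optional[str]:
    """Return None when every claim satisfies the policy, else the first failure reason."""
    for name, predicate in policy:
        value = claims.get(name)
        if value is None:
            return f"certificate is missing claim {name}"
        if not predicate(value):
            return f"claim {name} has unexpected value {value!r}"
    return None


def verify_attestation(
    publisher: Optional[GitHubPublisher],
    certificate_claims: dict[str, str],
    subject_digests: dict[str, str],
    distribution: bytes,
) -> Optional[str]:
    """Model of the upload-time check: None on success, otherwise the reason to reject.

    `subject_digests` models the in-toto statement's subject ("sha256" -> hex digest),
    which must match the file actually being uploaded.
    """
    if publisher is None:
        return "attestations require a Trusted Publishing (GitHub Actions) session"
    expected = hashlib.sha256(distribution).hexdigest()
    if subject_digests.get("sha256") != expected:
        return "attestation subject does not match the uploaded distribution"
    return check_policy(publisher.publisher_verification_policy(), certificate_claims)


# Constructed sample inputs (no real project, file or certificate behind them).
EXAMPLE_PUBLISHER = GitHubPublisher("example-org", "example-pkg", "release.yml")
EXAMPLE_CLAIMS = {
    SOURCE_REPOSITORY_URI: "https://github.com/example-org/example-pkg",
    BUILD_CONFIG_URI: (
        "https://github.com/example-org/example-pkg/.github/workflows/"
        "release.yml@refs/tags/v1.0.0"
    ),
}
EXAMPLE_DISTRIBUTION = b"constructed wheel contents"
EXAMPLE_SUBJECTS = {"sha256": hashlib.sha256(EXAMPLE_DISTRIBUTION).hexdigest()}


if __name__ == "__main__":
    cases = {
        "matching publisher": EXAMPLE_CLAIMS,
        "fork under another owner": {
            **EXAMPLE_CLAIMS,
            SOURCE_REPOSITORY_URI: "https://github.com/other-org/example-pkg",
        },
        "different workflow file": {
            **EXAMPLE_CLAIMS,
            BUILD_CONFIG_URI: "https://github.com/example-org/example-pkg/.github/workflows/build.yml@refs/heads/main",
        },
    }
    for label, claims in cases.items():
        result = verify_attestation(EXAMPLE_PUBLISHER, claims, EXAMPLE_SUBJECTS, EXAMPLE_DISTRIBUTION)
        print(f"{label}: {'accepted' if result is None else result}")
```

The predicates are written as exact comparison for the repository and prefix comparison only up to the "@" for the workflow, so a workflow named "release.yml.bak" or a same-named workflow in a fork cannot satisfy the policy; the only thing left unpinned is the git ref after "@".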
TODO before merging:
- [ ] Re-add repository-service-tuf to requirements/dev.txt once they release a new version. The current version pins tuf==3.1.0, which conflicts with sigstore, which depends on tuf==4.0.0.
cc @woodruffw @di