warehouse
Trusted publishing: simplify post-facto retrieval of claims
From https://github.com/pypi/warehouse/pull/16302#discussion_r1691319287 -- we often need (e.g. in the context of PEP 740 attestations) to access the OIDC claims that accompanied the original trusted publishing event.
To do this currently we need to perform a somewhat expensive query over all Events associated with the release, looking for the one we expect to contain those claims, which is both slower and more brittle than it needs to be.
To address the above, we could add a File.publish_event or similar relation that links back to the claim-bearing event, or None if the File wasn't created via trusted publishing.
See https://github.com/pypi/warehouse/pull/16302 for additional context.
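
The two lookup strategies discussed in this issue, side by side, as an added illustration that is not Warehouse code. The schema, column names, event tags, and sample claims are all hypothetical and constructed for the example; only the `publish_event` idea comes from the issue text.

```python
import json
import sqlite3

# Hypothetical, simplified schema: not Warehouse's real models, tags or columns.
SCHEMA = """
CREATE TABLE events (id INTEGER PRIMARY KEY, release_id INTEGER, tag TEXT, additional TEXT);
CREATE TABLE files (id INTEGER PRIMARY KEY, release_id INTEGER, filename TEXT,
                    publish_event_id INTEGER REFERENCES events(id));
"""

def build_sample_db():
    """Constructed data: one release, one trusted-published file, one token upload."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    claims = {"sub": "repo:example/pkg:environment:release", "ref": "refs/tags/v1.0"}
    events = [
        (1, 10, "release:add", json.dumps({"submitted_by": "alice"})),
        (2, 10, "file:add", json.dumps({"filename": "pkg-1.0.tar.gz", "claims": claims})),
        (3, 10, "file:add", json.dumps({"filename": "pkg-1.0-py3-none-any.whl"})),
    ]
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", events)
    conn.executemany("INSERT INTO files VALUES (?, ?, ?, ?)", [
        (100, 10, "pkg-1.0.tar.gz", 2),               # trusted publishing: links to event 2
        (101, 10, "pkg-1.0-py3-none-any.whl", None),  # not trusted publishing: no link
    ])
    return conn

def claims_via_event_scan(conn, file_id):
    """Current approach: walk every event on the release and infer the matching one."""
    release_id, filename = conn.execute(
        "SELECT release_id, filename FROM files WHERE id = ?", (file_id,)).fetchone()
    rows = conn.execute(
        "SELECT tag, additional FROM events WHERE release_id = ?", (release_id,))
    for tag, additional in rows:
        data = json.loads(additional)
        # Brittle: relies on the tag name and JSON payload shape staying stable.
        if tag == "file:add" and data.get("filename") == filename:
            return data.get("claims")
    return None

def claims_via_relation(conn, file_id):
    """Proposed approach: follow the file's direct link to its claim-bearing event."""
    row = conn.execute(
        "SELECT e.additional FROM files f JOIN events e ON e.id = f.publish_event_id "
        "WHERE f.id = ?", (file_id,)).fetchone()
    # No joined row means publish_event_id is NULL: not a trusted-publishing upload.
    return json.loads(row[0]).get("claims") if row else None
```

With the direct relation, a `None` result unambiguously means the file was not created via trusted publishing, rather than "no matching event was found".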