attach intoto to release

[garethahealy]

With https://github.com/redhat-cop/helm-charts/pull/425 merged, intoto files are generated and attached to sigstore public infra, see: https://search.sigstore.dev/?uuid=24296fb24b8ad77a84d44942175fed2bbdad845e4ade10ae078ed53d76b556e132cd6bbac93e8bf4.

the github action can also attach the intoto doc to a release as a release artifact, see: policy.tar.intoto.jsonl

the reason it doesn't, is because CT does the release so the action doesn't know what release its working against. would be nice if we can figure out a way to get this working