secure-python-package-template

Add support for binary wheels via cibuildwheel

Open sethmlarson opened this issue 2 years ago • 0 comments

  • Multiple jobs, one for sdists (python -m build) and one for multi-arch wheels (cibuildwheel).
  • See: https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-matrix-strategy-builds
  • Can provenance be regenerated when new wheels need to be built? (New Python versions, new architectures). Provenance seems to only need hashes as an input?

Proposed GitHub Action flowchart:

graph TB
  hashes((hashes))
  wheels((wheels))
  sdist((sdist))
  sha256-sdist((sha256-sdist))
  sha256-wheels((sha256-wheels))
  provenance((provenance))

  sdist-->|needs|cibuildwheel
  cibuildwheel-.->|builds|wheels
  sdist-.->|hash|sha256-sdist
  wheels-.->|hash|sha256-wheels
  sha256-sdist-->|needs|hashes
  sha256-wheels-->|needs|hashes
  hashes-->|needs|slsa-builder
  slsa-builder-->|builds|provenance
  sdist-->|publish|pypi
  wheels-->|publish|pypi
  sdist-->|publish|github-release
  wheels-->|publish|github-release
  provenance-->|publish|github-release

sethmlarson, Jan 10 '23 18:01
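The `hashes` node of the flowchart above, sketched as an added example that is not part of the original issue or the project's workflow. It assumes each build job exports its digests as base64-encoded `sha256sum` output and that the provenance builder accepts one such combined list; the function names `hash_artifacts` and `combine_hashes` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: merge per-job digests (sha256-sdist, sha256-wheels) into the
# single "hashes" input that the provenance job needs.

# hash_artifacts DIR
# Prints base64 of `sha256sum` over every file in DIR, using bare filenames so
# the subject names match what is later uploaded.
hash_artifacts() {
  ( cd "$1" && sha256sum -- * ) | base64 | tr -d '\n'
}

# combine_hashes B64 [B64...]
# Decodes each job's output, drops exact duplicates, validates every line and
# prints one base64 subject list. Fails closed on anything unexpected.
combine_hashes() {
  _merged=$(for _b64 in "$@"; do
              printf '%s' "$_b64" | base64 -d 2>/dev/null
            done | sed '/^$/d' | sort -u)

  # Every line must look like sha256sum output: 64 hex chars, separator, name.
  if printf '%s\n' "$_merged" | grep -Evq '^[0-9a-f]{64} [ *].+$'; then
    echo "combine_hashes: malformed or empty digest list" >&2
    return 1
  fi

  # The same filename with two different digests means two jobs produced
  # different artifacts under one name; provenance would be ambiguous.
  if [ -n "$(printf '%s\n' "$_merged" | cut -c67- | sort | uniq -d)" ]; then
    echo "combine_hashes: conflicting digests for one filename" >&2
    return 1
  fi

  printf '%s\n' "$_merged" | base64 | tr -d '\n'
}
```

Because the combined list is built only from digests, a later wheel build for a new Python version or architecture can add its own `hash_artifacts` output as another argument without rehashing the earlier artifacts.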