Add definitions for in-toto statements?

[woodruffw]

Not sure if this is a good idea, or expands the focus of this repo too much; opening for discussion.

Context:

• Sigstore bundles support DSSE envelopes (Bundle.dsse_envelope), and fully exposes the structure of that envelope through messages defined in envelope.proto
• The only payload actually supported by Sigstore in DSSE envelopes is in-toto statements; anything else is rejected by Rekor
• The in-toto statements and associated types are expressed as Protobufs externally here, and have their own pre-generated language bindings

So, my thought: why not embed the in-toto types here, similar to what we've done for the DSSE envelope? This will simplify the dependency graph for Sigstore clients a bit, and (for Python in particular) will eliminate the stacking of different Protobuf library implementations (protobuf vs. betterproto).

See also: https://github.com/in-toto/attestation/issues/291

cc @adityasaky @haydentherapper @kommendorkapten