
Converter for newer bundle versions

Open haydentherapper opened this issue 1 year ago • 6 comments

We've got a lot of bundle versions floating out there. Well, really just two. But soon, there will be three!

What do y'all think about a CLI to "upgrade" a bundle to the latest version? The converter would need to understand the breaking changes between each version to resolve them (and prompt users when the change could not be automatically resolved, but I don't think we have this need currently). Roughly, this would include:

  • For v1->v2, automatically fetching an inclusion proof if one is not present.
  • Also for v1->v2, checking all newly required Rekor messages and fields are populated.
  • For v2->v3, removing the certificate chain and placing the leaf certificate in the new certificate field, which could be done automatically if the cert was issued by the public Fulcio.

This converter could also be used by package repositories that are persisting Sigstore bundles to keep bundles "fresh". We'll need a converter per-language then. Initially I was planning to throw one together just as a CLI.

Thoughts @woodruffw @bdehamer @loosebazooka @steiza?

haydentherapper, Jan 25 '24 05:01
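The step-wise upgrade sketched in the issue, as an added example that is not part of the issue or of protobuf-specs: it dispatches on the bundle's `mediaType`, refuses the v0.1→v0.2 step when a tlog entry lacks the inclusion proof that v0.2 makes mandatory (obtaining one needs Rekor, so an offline tool can only stop and report), and for v0.2→v0.3 moves the leaf certificate into the new `certificate` field. The `leaf_is_public_fulcio` callback is an assumed hook standing in for the issuer check the issue mentions; the media type strings are the real ones for bundle versions 0.1, 0.2 and 0.3.

```python
import copy

# Media types of the bundle versions the issue calls v1, v2 and v3.
V01 = "application/vnd.dev.sigstore.bundle+json;version=0.1"
V02 = "application/vnd.dev.sigstore.bundle+json;version=0.2"
V03 = "application/vnd.dev.sigstore.bundle.v0.3+json"


class UnresolvableChange(Exception):
    """A version step needs data the converter cannot produce offline."""


def upgrade_v01_to_v02(bundle):
    out = copy.deepcopy(bundle)
    for i, entry in enumerate(out["verificationMaterial"].get("tlogEntries", [])):
        proof = entry.get("inclusionProof") or {}
        # v0.2 requires an inclusion proof with a signed checkpoint; only Rekor can supply one.
        if not proof.get("checkpoint", {}).get("envelope"):
            raise UnresolvableChange(f"tlogEntries[{i}] has no inclusion proof with checkpoint")
    out["mediaType"] = V02
    return out


def upgrade_v02_to_v03(bundle, leaf_is_public_fulcio):
    out = copy.deepcopy(bundle)
    vm = out["verificationMaterial"]
    chain = vm.pop("x509CertificateChain", None)
    if chain is not None:  # public-key bundles carry no chain and need no change
        certs = chain.get("certificates", [])
        if not certs:
            raise UnresolvableChange("x509CertificateChain is present but empty")
        leaf = certs[0]  # protobuf-specs orders the chain leaf-first
        # Intermediates may be dropped only for a public-Fulcio leaf (assumed hook decides).
        if not leaf_is_public_fulcio(leaf["rawBytes"]):
            raise UnresolvableChange("leaf not issued by public Fulcio; keep the chain")
        vm["certificate"] = leaf
    out["mediaType"] = V03
    return out


def upgrade_to_latest(bundle, leaf_is_public_fulcio):
    """Apply one version step at a time until the bundle is at V03."""
    while bundle["mediaType"] != V03:
        if bundle["mediaType"] == V01:
            bundle = upgrade_v01_to_v02(bundle)
        elif bundle["mediaType"] == V02:
            bundle = upgrade_v02_to_v03(bundle, leaf_is_public_fulcio)
        else:
            raise ValueError(f"unknown bundle mediaType {bundle['mediaType']!r}")
    return bundle
```

The input dict is never mutated, so a package repository can keep the original bundle alongside the "fresh" one if a step fails partway.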