Re-visit GetWorkflowInputs()

[laurentsimon]

We use this function to match the inputs to a workflow https://github.com/slsa-framework/slsa-verifier/blob/main/verifiers/internal/gha/slsaprovenance/common.go#L12.

We seem to always look at the trigger workflow's input. We may want to change this for our own builders, since our builders using v1.0 specs have a different interface: we should match on the re-usable workflow inputs rather than the trigger workflow's inputs for v1.0 specs.

[laurentsimon]

We may also rename this to externalParameters, to be consistent with v1.0