
feat: parse Github Actions provenances with fully specified structs

Open ramonpetgrave64 opened this issue 8 months ago • 0 comments

Similar to how the GCB provenances are fully parsed with a struct, we should do the same for GitHub Actions provenances

  • https://github.com/slsa-framework/slsa-verifier/blob/9b5430ffbf9646e9a3b2bc0188c74e7c42137644/verifiers/internal/gcb/provenance.go#L25-L26

Part of the reason we don't already do that is so that we can verify that everything in the provenance can be matched with equivalent values in the Fulcio certificates of GitHub Actions provenances. And

  • https://github.com/slsa-framework/slsa-verifier/issues/493

When you Unmarshal in the typical way, unspecified fields are lost. Still, it's nicer to have a schema, and so we may be able to use json.RawMessage to preserve unspecified fields when unmarshaling, so that we can still check the provenance for extra data.

ramonpetgrave64 avatar Jun 25 '24 02:06 ramonpetgrave64
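One way to realise the idea in the issue, as an added example and not slsa-verifier's own code: decode the statement into typed structs and, in a second pass over the same bytes, decode each object level into `map[string]json.RawMessage` and diff its keys against the struct's `json` tags. Any key the schema does not declare is reported with its dotted path instead of being silently dropped, so the verifier can still reject or inspect extra data. The schema types (`Statement`, `Predicate`, `Builder`, `Subject`), the helpers `ParseProvenance` and `unknownFields`, and the sample provenance are all constructed for this illustration and deliberately cover only a few fields of a real SLSA v0.2 statement.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
	"strings"
)

// Hypothetical minimal schema for the parts of a GitHub Actions provenance a
// verifier binds to typed fields (example types, not slsa-verifier's).
type (
	Subject struct {
		Name   string            `json:"name"`
		Digest map[string]string `json:"digest"`
	}
	Builder   struct{ ID string `json:"id"` }
	Predicate struct {
		Builder   Builder `json:"builder"`
		BuildType string  `json:"buildType"`
	}
	Statement struct {
		Type          string    `json:"_type"`
		Subject       []Subject `json:"subject"`
		PredicateType string    `json:"predicateType"`
		Predicate     Predicate `json:"predicate"`
	}
)

// unknownFields walks the JSON in raw alongside type t and returns the dotted
// paths of object keys t does not declare. Each object is decoded into
// map[string]json.RawMessage, so nothing is lost before the comparison.
// Scalars and maps carry no fixed schema and are accepted as-is; arrays are
// not descended into in this example.
func unknownFields(raw json.RawMessage, t reflect.Type, prefix string) ([]string, error) {
	for t.Kind() == reflect.Ptr {
		t = t.Elem()
	}
	if t.Kind() != reflect.Struct {
		return nil, nil
	}
	var obj map[string]json.RawMessage
	if err := json.Unmarshal(raw, &obj); err != nil {
		return nil, fmt.Errorf("%s: %w", prefix, err)
	}
	// Exact-name matching: stricter than encoding/json's case-insensitive
	// matching, which is what a verifier wants.
	known := map[string]reflect.Type{}
	for i := 0; i < t.NumField(); i++ {
		f := t.Field(i)
		name := strings.Split(f.Tag.Get("json"), ",")[0]
		if f.PkgPath != "" || name == "-" {
			continue // unexported or explicitly skipped: encoding/json ignores it too
		}
		if name == "" {
			name = f.Name
		}
		known[name] = f.Type
	}
	var unknown []string
	for key, val := range obj {
		path := key
		if prefix != "" {
			path = prefix + "." + key
		}
		ft, ok := known[key]
		if !ok {
			unknown = append(unknown, path)
			continue
		}
		sub, err := unknownFields(val, ft, path)
		if err != nil {
			return nil, err
		}
		unknown = append(unknown, sub...)
	}
	sort.Strings(unknown)
	return unknown, nil
}

// ParseProvenance decodes the statement into the typed schema and reports any
// fields the schema does not cover, so the caller can decide what to do with them.
func ParseProvenance(raw []byte) (*Statement, []string, error) {
	var st Statement
	if err := json.Unmarshal(raw, &st); err != nil {
		return nil, nil, err
	}
	extra, err := unknownFields(raw, reflect.TypeOf(st), "")
	return &st, extra, err
}

// Constructed sample statement (not a real attestation; the digest is a
// placeholder). It carries one undeclared key at the top level and one nested.
const sampleProvenance = `{
  "_type": "https://in-toto.io/Statement/v0.1",
  "subject": [{"name": "binary-linux-amd64", "digest": {"sha256": "0000000000000000000000000000000000000000000000000000000000000000"}}],
  "predicateType": "https://slsa.dev/provenance/v0.2",
  "predicate": {
    "builder": {"id": "https://github.com/actions/runner/github-hosted", "unexpected": 1},
    "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1"
  },
  "foo": "bar"
}`

func main() {
	st, extra, err := ParseProvenance([]byte(sampleProvenance))
	if err != nil {
		panic(err)
	}
	fmt.Println("builder:", st.Predicate.Builder.ID)
	fmt.Println("unknown fields:", extra) // [foo predicate.builder.unexpected]
}
```

The two-pass approach keeps the typed struct as the single source of truth for the schema: adding a field to `Statement` or `Predicate` both makes it available to the verification logic and stops it from being flagged as extra, so the check cannot drift away from the struct definition.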