ci(release): emit SLSA Build Level 3 provenance via slsa-github-generator #549

@WilliamBerryiii

Description

Summary

Extend the release pipeline to emit SLSA Build Level 3 provenance for every release artifact (Python wheels, container images, SBOMs) using slsa-framework/slsa-github-generator. Provenance must be verifiable with slsa-verifier and attached to the GitHub release.

Background

The release pipeline already produces SPDX SBOMs (anchore/sbom-action@v0.24.0) and Sigstore-signed git tags via gitsign 0.13.0 (#419, #7). SLSA L3 provenance is the next step toward a verifiable build attestation that downstream consumers and the OpenSSF Scorecard can validate.

Acceptance Criteria

  • Generic SLSA generator workflow added (or existing attest-release job replaced) that produces a signed in-toto provenance statement per release artifact
  • Provenance attached as a GitHub release asset alongside SBOM and signatures
  • slsa-verifier verify-artifact succeeds against published artifacts using the documented expected source URI and tag
  • Verification command added to docs/security/ and to release notes
  • CI gate fails the release if provenance generation or signing fails
  • OpenSSF Scorecard SignedReleases and Packaging checks reflect the new provenance

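Added example (not code from the issue or the project): the shell steps behind two of the criteria above, namely building the `base64-subjects` input that slsa-github-generator's generic workflow (`generator_generic_slsa3.yml`) takes for the release artifacts, and the `slsa-verifier verify-artifact` call a consumer runs against the published provenance. The repository URI and tag in the comments are placeholders.

```shell
#!/usr/bin/env sh
# Added example, not from the issue or the project. The generic
# slsa-github-generator workflow takes `base64-subjects`: the
# base64 of `sha256sum` output over every artifact that must be
# listed as a subject in the in-toto provenance statement.

# Hash each artifact and base64-encode the listing (no newlines).
# Fails before hashing if any named artifact is missing, so a
# partial subject list can never reach the generator.
slsa_subjects_b64() {
  for f in "$@"; do
    [ -f "$f" ] || { echo "missing artifact: $f" >&2; return 1; }
  done
  # sha256sum on GNU systems, shasum on BSD/macOS
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$@" | base64 | tr -d '\n'
  else
    shasum -a 256 "$@" | base64 | tr -d '\n'
  fi
}

# CI-side sanity check before the value is handed to the generator:
# decode it and require a 64-hex-char digest line for every expected
# artifact (wheel, image digest file, SBOM, ...).
check_subjects_b64() {
  b64="$1"; shift
  decoded=$(printf '%s' "$b64" | base64 -d) || return 1
  for f in "$@"; do
    printf '%s\n' "$decoded" | grep -Eq "^[0-9a-f]{64}  $f\$" || return 1
  done
}

# Consumer-side verification (needs slsa-verifier on PATH). Pinning
# --source-uri and --source-tag rejects provenance produced from a
# fork or from a different tag even if its signature is valid, e.g.
#   verify_release_artifact pkg-1.0.0.whl provenance.intoto.jsonl \
#     github.com/EXAMPLE-ORG/EXAMPLE-REPO v1.0.0   # placeholders
verify_release_artifact() {
  artifact="$1"; provenance="$2"; source_uri="$3"; tag="$4"
  slsa-verifier verify-artifact "$artifact" \
    --provenance-path "$provenance" \
    --source-uri "$source_uri" \
    --source-tag "$tag"
}
```

In the workflow, `slsa_subjects_b64` output becomes the `base64-subjects` input of the generator job; the generated `*.intoto.jsonl` file is what `verify_release_artifact` checks.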
Metadata

Labels

  • build: Build system and dependency updates
  • ci/cd: CI/CD pipeline and automation
  • security: Security-related issues or fixes
