chore: switch to GitHub attestations

[rjaegers]

🚀 Hey, I have created a Pull Request

Description of changes

This PR changes the way the amp-devcontainer images are signed. It moves away from using Cosign and Sigstore directly, instead attest-build-provenance is used.

✔️ Checklist

• I have followed the contribution guidelines for this repository
• I have added tests for new behavior, and have not broken any existing tests
• I have added or updated relevant documentation
• I have verified that all added components are accounted for in the SBOM

[github-actions]

Compressed layer size comparison

Comparing ghcr.io/philips-software/amp-devcontainer-rust:latest to ghcr.io/philips-software/amp-devcontainer-rust@sha256:1fac42a7ffd494be4d7bcafbbd593a782832eb946a71ef8b4b74ceeb5c109c0a

OS/Platform	Previous Size	Current Size	Delta
linux/amd64	454.99M	461.39M	6.40M (+1.41%)
linux/arm64	593.18M	599.05M	5.88M (+0.99%)

[github-actions]

Compressed layer size comparison

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:latest to ghcr.io/philips-software/amp-devcontainer-cpp@sha256:2b81657199f7ff11f7bdc5759dd6818619caf447dcb1e8c6229bcee42311b992

OS/Platform	Previous Size	Current Size	Delta
linux/amd64	644.91M	686.85M	41.94M (+6.50%)
linux/arm64	636.38M	668.58M	32.21M (+5.06%)

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	17		0	0.07s
✅ DOCKERFILE	hadolint	2		0	0.5s
✅ GHERKIN	gherkin-lint	2		0	0.88s
✅ JSON	npm-package-json-lint	yes		no	0.3s
✅ JSON	prettier	15	1	0	0.38s
✅ JSON	v8r	14		0	14.72s
✅ MARKDOWN	markdownlint	8	0	0	0.77s
✅ MARKDOWN	markdown-table-formatter	8	0	0	0.2s
✅ REPOSITORY	checkov	yes		no	16.1s
✅ REPOSITORY	gitleaks	yes		no	0.25s
✅ REPOSITORY	git_diff	yes		no	0.01s
✅ REPOSITORY	grype	yes		no	9.12s
✅ REPOSITORY	secretlint	yes		no	0.99s
✅ REPOSITORY	syft	yes		no	1.37s
✅ REPOSITORY	trivy	yes		no	5.23s
✅ REPOSITORY	trivy-sbom	yes		no	0.09s
✅ REPOSITORY	trufflehog	yes		no	2.98s
✅ SPELL	lychee	58		0	2.22s
✅ YAML	prettier	22	0	0	0.7s
✅ YAML	v8r	22		0	11.88s
✅ YAML	yamllint	22		0	0.43s

See detailed report in MegaLinter reports

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/dotnet@v8.3.0 (62 linters)
• oxsecurity/megalinter/flavors/dotnetweb@v8.3.0 (71 linters)

MegaLinter is graciously provided by

[github-actions]

Test Results

 2 files  ±0   2 suites  ±0   1m 22s ⏱️ -1s
29 tests ±0  29 ✅ ±0  0 💤 ±0  0 ❌ ±0 
31 runs  ±0  31 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit a6ef545. ± Comparison against base commit 556d28b.

♻️ This comment has been updated with latest results.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[BarisTanyeri]

This looks like it's only echoing the JSON. I suppose you intended to do more with the package information?