chore: switch to GitHub attestations #687

Merged
merged 5 commits into from
Jan 14, 2025

@rjaegers rjaegers commented Jan 8, 2025

🚀 Hey, I have created a Pull Request

Description of changes

This PR changes the way the amp-devcontainer images are signed. It moves away from using Cosign and Sigstore directly; instead, attest-build-provenance is used.

✔️ Checklist

  • I have followed the contribution guidelines for this repository
  • I have added tests for new behavior, and have not broken any existing tests
  • I have added or updated relevant documentation
  • I have verified that all added components are accounted for in the SBOM

@rjaegers rjaegers requested a review from a team as a code owner January 8, 2025 08:52

github-actions bot commented Jan 8, 2025

Compressed layer size comparison

Comparing ghcr.io/philips-software/amp-devcontainer-rust:latest to ghcr.io/philips-software/amp-devcontainer-rust@sha256:1fac42a7ffd494be4d7bcafbbd593a782832eb946a71ef8b4b74ceeb5c109c0a

| OS/Platform | Previous Size | Current Size | Delta |
| --- | --- | --- | --- |
| linux/amd64 | 454.99M | 461.39M | 6.40M (+1.41%) |
| linux/arm64 | 593.18M | 599.05M | 5.88M (+0.99%) |


github-actions bot commented Jan 8, 2025

Compressed layer size comparison

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:latest to ghcr.io/philips-software/amp-devcontainer-cpp@sha256:2b81657199f7ff11f7bdc5759dd6818619caf447dcb1e8c6229bcee42311b992

| OS/Platform | Previous Size | Current Size | Delta |
| --- | --- | --- | --- |
| linux/amd64 | 644.91M | 686.85M | 41.94M (+6.50%) |
| linux/arm64 | 636.38M | 668.58M | 32.21M (+5.06%) |


github-actions bot commented Jan 8, 2025

🦙 MegaLinter status: ✅ SUCCESS

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
| --- | --- | --- | --- | --- | --- |
| ✅ ACTION | actionlint | 17 | | 0 | 0.07s |
| ✅ DOCKERFILE | hadolint | 2 | | 0 | 0.5s |
| ✅ GHERKIN | gherkin-lint | 2 | | 0 | 0.88s |
| ✅ JSON | npm-package-json-lint | yes | | no | 0.3s |
| ✅ JSON | prettier | 15 | 1 | 0 | 0.38s |
| ✅ JSON | v8r | 14 | | 0 | 14.72s |
| ✅ MARKDOWN | markdownlint | 8 | 0 | 0 | 0.77s |
| ✅ MARKDOWN | markdown-table-formatter | 8 | 0 | 0 | 0.2s |
| ✅ REPOSITORY | checkov | yes | | no | 16.1s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.25s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | 9.12s |
| ✅ REPOSITORY | secretlint | yes | | no | 0.99s |
| ✅ REPOSITORY | syft | yes | | no | 1.37s |
| ✅ REPOSITORY | trivy | yes | | no | 5.23s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 0.09s |
| ✅ REPOSITORY | trufflehog | yes | | no | 2.98s |
| ✅ SPELL | lychee | 58 | | 0 | 2.22s |
| ✅ YAML | prettier | 22 | 0 | 0 | 0.7s |
| ✅ YAML | v8r | 22 | | 0 | 11.88s |
| ✅ YAML | yamllint | 22 | | 0 | 0.43s |


github-actions bot commented Jan 8, 2025

Test Results

 2 files  ±0   2 suites  ±0   1m 22s ⏱️ -1s
29 tests ±0  29 ✅ ±0  0 💤 ±0  0 ❌ ±0 
31 runs  ±0  31 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit a6ef545. ± Comparison against base commit 556d28b.

♻️ This comment has been updated with latest results.

sonarqubecloud bot commented Jan 8, 2025

@rjaegers rjaegers requested a review from BarisTanyeri January 14, 2025 07:13
@rjaegers rjaegers enabled auto-merge January 14, 2025 10:22
@rjaegers rjaegers added this pull request to the merge queue Jan 14, 2025
Merged via the queue into main with commit b6cb15e Jan 14, 2025
23 checks passed
@rjaegers rjaegers deleted the feature/switch-to-github-attestations branch January 14, 2025 10:26

Pull Request Report (#687)

Static measures

| Description | Value |
| --- | --- |
| Number of added lines | 58 |
| Number of deleted lines | 15 |
| Number of changed files | 5 |
| Number of commits | 5 |
| Number of reviews | 6 |
| Number of comments (w/o review comments) | 5 |
| Number of reviews that contains a comment to resolve | 5 |
| Number of reviews that requested a change from the author | 0 |
| Number of reviews that approved the Pull Request | 1 |
| Get the total number of participants of a Pull Request | 6 |

Time related measures

| Description | Value |
| --- | --- |
| PR lead time (from creation to close of PR) | 6.1 Days |
| Time that was spend on the branch before the PR was created | 38.9 Min |
| Time that was spend on the branch before the PR was merged | 6.1 Days |
| Time to merge after last review | 6 Min |

Status check related measures

| Description | Value |
| --- | --- |
| Total runtime for last status check run (Workflow for PR) | 23.2 Min |
| Total time spend in last status check run on PR | 33.3 Min |
