Add SLSA3 provenance to your builds

[udf2457]

Please could you consider adding SLSA3 provenance to your builds. Github provide multiple tools to help with this, e.g.:

https://github.blog/changelog/2024-06-25-artifact-attestations-is-generally-available/
https://github.blog/enterprise-software/devsecops/enhance-build-security-and-reach-slsa-level-3-with-github-artifact-attestations/

Also some third-party links:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md
https://goreleaser.com/blog/slsa-generation-for-your-artifacts/

[scop]

SLSA level 3 is something I believe we will be looking into in the near future.

In the meantime, just in case it was missed, we currently (since v3.16.0) provide SLSA level 2 GH attestations, https://upcloudltd.github.io/upcloud-cli/#verify-assets