Add support for OpenVEX predicate type

[puerco]

Summary

This PR adds support for OpenVEX as a known predicate type to the cosign attest and cosign download attestation and cosign attest-blob commands.

Instead of linking the openvex go-modules, I've hardcoded the value or the predicate URI in a const to avoid growing the dependency tree.

Resolves #3404

Release Note

• OpenVEX is now one of the recognized predicate types using the identifier string openvex as the type.

Documentation

TBD

Signed-off-by: Adolfo García Veytia (Puerco) puerco@chainguard.dev

[codecov]

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (304ff16) 29.70% compared to head (22f9204) 30.21%.
Report is 4 commits behind head on main.

❗ Current head 22f9204 differs from pull request most recent head 39623db. Consider uploading reports for the commit 39623db to get more accurate results

Files	Patch %	Lines
cmd/cosign/cli/options/predicate.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3405      +/-   ##
==========================================
+ Coverage   29.70%   30.21%   +0.51%     
==========================================
  Files         155      155              
  Lines        9966     9966              
==========================================
+ Hits         2960     3011      +51     
+ Misses       6575     6505      -70     
- Partials      431      450      +19     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[hectorj2f]

Where could I find more about the OpenVex predicate specification to know what to put in my attestation ?

[puerco]

I also added a link to our current attestation spec: https://github.com/openvex/spec/blob/main/ATTESTING.md
I can switch the link once we finish registering our predicate type with our in-toto friends :)

[cpanato]

thx lgtm