Sample to showcase how to configure GitHub Actions to perform the following:
- sign an OCI artifact with Sigstore Cosign
- verify the signature on an OCI artifact
- generate, sign and publish a SLSA provenance attestation
- generate, sign and publish a SBOM.