Support Github Artifact Attestations

### Is your feature request related to a problem? Please describe.

Github recently added a new feature called "Artifact Attestations". From what I can tell, it isn't straightforward to integrate this feature with Goreleaser.

### Describe the solution you'd like

Github recently introduced native integration of sigstore signatures. They're calling this "Artifact Attestations". It would be very cool if Goreleaser supported automatic artifact attestations for all release artifacts. Or at least documented the recommended integration approach.

https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/

### Describe alternatives you've considered

Goreleaser already supports signing various artifacts using sigstore's cosign. However checking signatures is not straightforward and requires a fairly complex cosign command.

### Search

- [X] I did search for other open and closed issues before opening this

### Supporter

- [ ] I am a [sponsor](https://github.com/sponsors/caarlos0/) or a [Pro](https://goreleaser.com/pro) customer

### Code of Conduct

- [X] I agree to follow this project's Code of Conduct

### Additional context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Support Github Artifact Attestations #4852

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered

Search

Supporter

Code of Conduct

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Support Github Artifact Attestations #4852

Description

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered

Search

Supporter

Code of Conduct

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions