Persist predicate as part of the attestation in the GitLab backend

As noted in &19026 (comment 2779635586), a requirement of SLSA Build Level 1 is that provenance must exist. Our current signing workflow generates the provenance, but does not persist it independently from the attestation.

Proposal

Modify the current signing process to persist the predicate contents as a separate file upload alongside the attestation. This would use the same database and file upload mechanism used for attestations, but it would store a second file called predicate. For SLSA this would be the provenance statement; for an SBOM, it would be the contents of the SBOM. This would allow the predicate contents to be transmitted without having to parse the attestation and extract them from it.
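As an added illustration (not GitLab's code), the Ruby below shows the extraction step the proposal moves to signing time: it unwraps a DSSE envelope, checks that the payload is an in-toto statement, and returns the predicate as the JSON that would be stored as the second file. The envelope and statement values are constructed placeholders.

```ruby
require 'json'
require 'base64'

# Constructed sample: a DSSE envelope wrapping an in-toto v1 statement whose
# predicate is a minimal SLSA provenance. All values are placeholders.
STATEMENT = {
  '_type' => 'https://in-toto.io/Statement/v1',
  'subject' => [{ 'name' => 'app.tar.gz', 'digest' => { 'sha256' => 'a' * 64 } }],
  'predicateType' => 'https://slsa.dev/provenance/v1',
  'predicate' => {
    'buildDefinition' => { 'buildType' => 'https://example.invalid/ci/v1' },
    'runDetails' => { 'builder' => { 'id' => 'https://example.invalid/builder' } }
  }
}.freeze

ENVELOPE = {
  'payloadType' => 'application/vnd.in-toto+json',
  'payload' => Base64.strict_encode64(JSON.generate(STATEMENT)),
  'signatures' => [{ 'keyid' => 'placeholder-key', 'sig' => Base64.strict_encode64('placeholder') }]
}.freeze

# Pull the predicate out of a DSSE envelope so it can be persisted on its own.
# Returns the predicate type and the predicate body serialised as JSON.
# This does not verify the DSSE signature: in the signing flow the statement is
# the one just signed, so extraction happens before upload; on any other path
# the signature must be verified first, or the stored predicate is untrusted.
def extract_predicate(envelope_json)
  envelope = JSON.parse(envelope_json)
  unless envelope['payloadType'] == 'application/vnd.in-toto+json'
    raise ArgumentError, "unexpected payloadType: #{envelope['payloadType'].inspect}"
  end

  statement = JSON.parse(Base64.strict_decode64(envelope.fetch('payload')))
  unless statement['_type'].to_s.start_with?('https://in-toto.io/Statement/')
    raise ArgumentError, 'payload is not an in-toto statement'
  end

  {
    predicate_type: statement.fetch('predicateType'),
    predicate: JSON.generate(statement.fetch('predicate'))
  }
end
```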
