Fix 5mb limit for artifact verification
Why are we doing this work
At the moment, there is a hard limit of 5 MB on the size of artifacts that can be verified. PoC repo:
https://gitlab.com/gitlab-org/software-supply-chain-security/capslock-tutorial
Hi team!
I've been testing the SLSA attestation feature on capslock-tutorial and discovered what appears to be an artifact size limit. I wanted to validate this is expected behavior.
The attestation worker silently skips artifacts that exceed max_artifacts_content_include_size (default: 5 MB).
Is that correct?
I can see the behaviour you're reporting. Here are the logs for the 4.9 MB file https://log.gprd.gitlab.net/app/r/s/1Hco6 and for the 5.1 MB file https://log.gprd.gitlab.net/app/r/s/eI8ub
Relevant links
- Phase 5: OCI Containers Attestation (#20683) · Epic · gitlab-org
- ADR 006: Enable the creation of SLSA Level 3 Attestations for OCI images
- SLSA Level 3 Provenance Attestations
- UX to enable SLSA provenance generation (#547903)
- [FF] slsa_provenance_statement: Roll out feature flag to publish SLSA provenance statements (#547866) - SLSA • Provenance
- ADR 002: Generate SLSA Provenance in GitLab Rails backend
Non-functional requirements
- Documentation: Documentation will be handled in another ticket. Document SLSA provenance statement generation (Rails backend implementation) (#546180) · Issue · gitlab-org/gitlab
- Feature flag: Development is behind [FF] slsa_provenance_statement
- Performance: discussed in ADR.
- Testing: discussed in ADR.
Implementation plan
We should modify the code so that the maximum artifact size the attestation worker accepts for verification is the same as the configured maximum artifact size (see CI/CD settings), rather than the separate 5 MB content-include limit.
Verification steps
- Test locally.
- Send fix to prod. Verify that the PoC repo above no longer reproduces the issue (an artifact just over 5 MB is attested instead of being silently skipped).