Multi-attestation policy assessments

[mattmoor]

Description

(this is related to #1232)

Suppose I want to author policy that requires two of my five approvers to have signed attestations about a new release before it can be admitted to production. We need something like #1232 to assess who is making the claim (for keyless, for keys who knows?).

However, the scope of policy checking today is a single attestation, so there is no way to say that two of these must match a given policy, and they the identities (keys?) associated with those must be unique.

I think we should probably rework the policy checking such that the policy file is passed (total strawperson!):

type Input []AttestationPayload

type AttestationPayload {
    // ID holds information about the identity that signed this claim.
    ID Identity `json:"id"`

    // Claim holds the in-toto statement that the identity above is claiming to be true.
    Claim Statement `json:"claim"`
}

type Identity struct {
    // Key holds the PEM encoded public key that was used to verify the attestation.
    // This is populated if an explicit key was provided for verification.
    Key []byte `json:"key,omitempty"`

    // Fulcio holds the root URL (key?) that was used for verification
    // This is populated for "keyless" verification.
    Fulcio string `json:"fulcio,omitempty"`

    // Issuer holds the URL of the OIDC issuer that verified the signatory's identity.
    // This is populated for "keyless" verification.
    Issuer string `json:"iss,omitempty"`

    // Subject holds the subject identifier that was encoded into the certificate.
    // This is populated for "keyless" verification.
    Subject string `json:"sub,omitempty"`

    // TODO: encode extensions in here as well.
}

Again, this is totally a strawperson to use as a starting point for discussion, but I'd love to hear folks thoughts on this.

cc @dlorenc