* Start of richer results from verification
* Pull out VSA code from signing
* Expose attestation signing fns
* Add VSA test
* Notes for policy result
* Require separate policy for VSA creation
* Load test signing key from tests
* Return rich object from policy
* Add result object schema and fix tests
* Ensure example test runs
* Remove data.yaml files from mock policies
* Don't run example - TUF policy isn't compatible
* Add attestation to manifests for all subjects
* Ensure adding attestation doesn't touch statements
* Don't export sign function
* Remove attestations from VerificationResult
* Change bool to Outcome enum in result
* Use outputLayout directly
* Make clearer that Outcome strings are for VSA
* Return multiple SLSA levels from policy
* Fix unmarshalling of policy-id (#39)
* Rename function
* Rename policy.VerificationResult -> policy.Result
* Re-add test for canonical input
---------
Co-authored-by: James Carnegie <james.carnegie@docker.com>
Co-authored-by: James Carnegie <kipz@users.noreply.github.com>
1a7897a052