octokit / core.js

Extendable client for GitHub's REST & GraphQL APIs
MIT License
1.19k stars 310 forks

feat(security): Add provenance #671

Closed AaronDewes closed 7 months ago

AaronDewes commented 7 months ago

This helps increase trust in the builds on NPM by showing they were indeed generated from the same source code as this repository contains.
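For readers who want to see what enabling npm provenance in a release workflow involves, here is an added example. It is not the PR's diff (which is not reproduced on this page) and not octokit/core.js's actual workflow file; the workflow name, the `release` npm script (assumed to run semantic-release, which this repository's release bot indicates it uses), and the `NPM_TOKEN` secret are all assumptions. The security-relevant lines are the `id-token: write` permission, which lets the job obtain the OIDC token that Sigstore uses to sign the attestation, and `NPM_CONFIG_PROVENANCE`, which npm's `NPM_CONFIG_<KEY>` environment-variable convention maps to the `--provenance` publish flag.

```yaml
# Added example: a GitHub Actions release job that publishes to npm with
# provenance. The workflow name, "release" script and NPM_TOKEN secret are
# assumptions, not taken from the octokit/core.js repository.
name: Release
on:
  push:
    branches: [main]
permissions:
  contents: read
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write   # semantic-release pushes tags and creates GitHub releases
      id-token: write   # required: lets npm request an OIDC token to sign the provenance attestation
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          registry-url: https://registry.npmjs.org
      - run: npm ci
      - run: npm run build
      # Provenance needs npm >= 9.5.0; print the version so a too-old CLI is visible in the log.
      - run: npm --version
      - run: npm run release   # assumed to invoke semantic-release, which runs "npm publish"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          # npm reads any config key from NPM_CONFIG_<KEY>; this is equivalent
          # to passing --provenance to "npm publish".
          NPM_CONFIG_PROVENANCE: "true"
```

On the consuming side, `npm audit signatures` (npm 9.5 or later) checks the registry signatures and provenance attestations of installed packages against Sigstore's transparency log, and the package's page on npmjs.com shows the source commit and workflow run the attestation points at. Two caveats a practitioner should keep in mind: the publish has to run in a CI environment that can issue an OIDC token (GitHub Actions here), so a local `npm publish` will not produce provenance; and the attestation proves only that the tarball was built from that commit by that workflow, not that the commit itself is trustworthy, so a compromised repository still yields a valid attestation.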

github-actions[bot] commented 7 months ago

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

wolfy1339 commented 7 months ago

I think it would be wise to backport this for 5.x releases as well, as that is what is used by Probot

github-actions[bot] commented 7 months ago

:tada: This PR is included in version 6.1.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

AaronDewes commented 7 months ago

> I think it would be wise to backport this for 5.x releases as well, as that is what is used by Probot

I don't think that's necessary, provenance is not that important, and hopefully, we'll be able to update Probot soon.