pypa / twine

Utilities for interacting with PyPI
https://twine.readthedocs.io/
Apache License 2.0

check: ignore attestations, like signatures #1172

Closed woodruffw closed 6 days ago

woodruffw commented 6 days ago

This fixes a bug that I accidentally introduced with attestations support: twine upload learned the difference between distributions and attestations, but twine check didn't.

As a result, twine check dist/* would fail with an InvalidDistribution error whenever attestations are present in the dist directory, like so:

Checking dist/svgcheck-0.9.0.tar.gz: PASSED
Checking dist/svgcheck-0.9.0.tar.gz.publish.attestation: ERROR    InvalidDistribution: Unknown distribution format:
         'svgcheck-0.9.0.tar.gz.publish.attestation'

This fixes the behavior of twine check by having it skip attestations in the input list, like it does with .asc signatures. To do this, I reused the _split_inputs helper that was added with #1095, meaning that twine upload and twine check now have the same input splitting/filtering logic.

As part of reusing _split_inputs, I moved it to the top-level twine.commands module, since that's where other shared input handling helpers live. I've also moved the test to match.

See https://github.com/pypa/gh-action-pypi-publish/issues/283 for some additional breakage context.
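The failure mode and the fix described in this PR, as an added example that is not twine's own code: a naive `check` treats every path in `dist/*` as a distribution and raises on the `.publish.attestation` file, while the fixed variant first splits the input list into distributions, `.asc` signatures and attestations and only checks the distributions. The names `split_inputs`, `check_one`, `check_naive` and `check_fixed` are hypothetical stand-ins (twine's real helper is `_split_inputs`), the set of recognised distribution suffixes is an assumption, and the sample filenames are constructed.

```python
"""Added example, not twine's code: why `twine check dist/*` failed on
attestations, and how splitting inputs first avoids it."""
import os
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed set of distribution suffixes; real twine has its own detection.
DIST_SUFFIXES = (".whl", ".tar.gz", ".zip")
SIGNATURE_SUFFIX = ".asc"
ATTESTATION_SUFFIX = ".publish.attestation"


class InvalidDistribution(Exception):
    """Raised for a file that is not a recognised distribution."""


@dataclass
class Inputs:
    dists: List[str] = field(default_factory=list)
    signatures: Dict[str, str] = field(default_factory=dict)       # dist basename -> .asc path
    attestations: Dict[str, List[str]] = field(default_factory=dict)  # dist basename -> paths


def split_inputs(paths: List[str]) -> Inputs:
    """Hypothetical stand-in for twine's _split_inputs: sort the input list
    into distributions, detached signatures and attestations, keyed by the
    basename of the distribution they belong to."""
    inputs = Inputs()
    for path in paths:
        if path.endswith(SIGNATURE_SUFFIX):
            dist = os.path.basename(path[: -len(SIGNATURE_SUFFIX)])
            inputs.signatures[dist] = path
        elif path.endswith(ATTESTATION_SUFFIX):
            dist = os.path.basename(path[: -len(ATTESTATION_SUFFIX)])
            inputs.attestations.setdefault(dist, []).append(path)
        else:
            inputs.dists.append(path)
    return inputs


def check_one(path: str) -> str:
    """Minimal stand-in for a per-distribution check: only the file type is
    inspected here, so anything that is not a distribution is an error."""
    if not path.endswith(DIST_SUFFIXES):
        raise InvalidDistribution(f"Unknown distribution format: {os.path.basename(path)!r}")
    return "PASSED"


def check_naive(paths: List[str]) -> Dict[str, str]:
    """Pre-fix behaviour: every input path is treated as a distribution, so the
    attestation file produces an InvalidDistribution error."""
    results = {}
    for path in paths:
        try:
            results[path] = check_one(path)
        except InvalidDistribution as exc:
            results[path] = f"ERROR {exc}"
    return results


def check_fixed(paths: List[str]) -> Dict[str, str]:
    """Fixed behaviour: split first, then check only the distributions, so
    signatures and attestations are skipped the same way."""
    return {path: check_one(path) for path in split_inputs(paths).dists}


def orphaned_artifacts(paths: List[str]) -> List[str]:
    """Signatures or attestations with no matching distribution in the input:
    a useful check to surface, since skipping them silently would hide a
    mismatched upload set."""
    inputs = split_inputs(paths)
    present = {os.path.basename(d) for d in inputs.dists}
    orphans = [p for d, p in inputs.signatures.items() if d not in present]
    for d, att_paths in inputs.attestations.items():
        if d not in present:
            orphans.extend(att_paths)
    return orphans


# Constructed sample of a dist/ directory after `twine upload`-style tooling
# produced a detached signature and a publish attestation.
SAMPLE = [
    "dist/svgcheck-0.9.0.tar.gz",
    "dist/svgcheck-0.9.0.tar.gz.publish.attestation",
    "dist/svgcheck-0.9.0-py3-none-any.whl",
    "dist/svgcheck-0.9.0-py3-none-any.whl.asc",
]

if __name__ == "__main__":
    for path, result in check_naive(SAMPLE).items():
        print(f"naive  Checking {path}: {result}")
    for path, result in check_fixed(SAMPLE).items():
        print(f"fixed  Checking {path}: {result}")
```

The `orphaned_artifacts` helper goes slightly beyond the PR: once signatures and attestations are split out and skipped, an attestation whose distribution is missing from the input list would otherwise pass unnoticed, so reporting it keeps the skip from masking an incomplete upload set.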

webknjaz commented 5 days ago

@sigmavirus24 @jaraco any chance to release this ASAP? With the last pypi-publish release toggling the attestations flag for everyone, I foresee this affecting a lot of people on the scale.