Test the github Pages published token timeliness

[jku]

There's a token being published in https://sigstore-conformance.github.io/extremely-dangerous-public-oidc-beacon/oidc-token.txt now. Before we use it in sigstore-conformance, let's test it a bit (as @tnytown mentioned in PR comment Pages might have its own issues with publishing timeliness).

I tested this for a while in my own fork before th PR and it seemed to update pretty well, but the token in this projects Pages right now seems funky: I will investigate.

More specific notes:

• current token remained the same for 4 hours in github pages (with request header "Cache-Control: no-cache") but is now updating fine again
• the workflows claim the Pages publish worked fine all that time
• based on response headers this comes from Fastly CDN

A couple of options:

• I used a broken CDN endpoint (but somehow only for this specific project?)
• GitHub claims that Pages upload limits do not apply to uploads from GH Actions... they still might. I've tested for several hours at a time before, but maybe the limit only comes up after a longer time (looks like token publishing may have stopped after ~13 hours of publishing here). Would be very annoying if the workflow succeeds but they still cancel the upload...

[jku]

maybe the limit only comes up after a longer time

I think this may be true. I've enabled workflows on my fork again and am testing both this project and my fork:

• my forks Pages has consistently served fresh or almost fresh tokens: 5 mins 32 secs is the oldest token so far today
• this project has had multiple "outages" when the Pages token is not updated for an hour or more

I'll take another look tomorrow when my fork should also have hit whatever limits there may be

[jku]

There's definitely something weird going on.For about two days of testing (running a script that checks the token every 10 seconds) my fork had fresh tokens available on GitHub Pages almost 100% consistently: the oldest token was 6 minutes old. Now on the third day it started having the same symptoms this project has: several multihour outages where suddenly Pages is not updated for 4-7 hours.

I'll investigate this more later but the Pages published token is definitely not usable for sigstore-conformance at the moment. I suspect Pages has some undocumented publishing limit that prevents the sort of use I was planning.

[jku]

This is a dead end: Pages publishing is not reliable for this. I will file a new issue for the git commit approach