VerificationResult is the primary output of the verifier, and contains a "summary" of the verification result. Given that sigstore-go is primarily to be consumed by machines, and users of the library may need to have higher-fidelity data structures for post-processing, I would like to have VerificationResult contain more details about the verified data. Specifically:
For bundles signed with a certificate, I would like a list of certificate chains:
VerifiedCertificateChains [][]*x509.Certificate
TimestampVerificationResult only contains a type, URI, and timestamp. I would like to have separate fields for VerifiedTimestampingResponse and VerifiedTransparencyLogEntry including all the data from the bundle.
This will have several follow-on effects to the current public API, adding return data to several functions such as:
func (v *SignedEntityVerifier) VerifyObserverTimestamps
func (v *SignedEntityVerifier) VerifyTransparencyLogInclusion
func VerifyArtifactTransparencyLog
func VerifyTimestampAuthority
func VerifySignedCertificateTimestamp
I believe that exposing these values from the verifier is important for clients that need data such as the specific transaction log entries that were verified, as there may be untrusted values in the bundle even if it passes the threshold.
The existing VerificationResult serves a role as a simple summary of verification, and we may consider exposing it unchanged as a separate return value, perhaps renaming it to VerificationSummary.
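As an added illustration of what the richer result would let a consumer do (this is example code written for this discussion, not sigstore-go's own API): a post-processing policy that needs the verified certificate chains and the verified timestamps together, checking that every verified signing time falls inside the validity window of each verified leaf certificate. `RichVerificationResult`, `VerifiedTimestamp` and `CheckTimestampsWithinLeafValidity` are assumed names for this sketch; only `VerifiedCertificateChains [][]*x509.Certificate` comes from the proposal above. The certificate is self-signed and constructed locally so the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// VerifiedTimestamp is a hypothetical richer timestamp record (an assumption
// for this example, not sigstore-go's type). The proposal asks for the full
// timestamping response or log entry; only the fields this policy needs are kept.
type VerifiedTimestamp struct {
	Type      string    // e.g. "Tlog" or "TimestampAuthority"
	URI       string    // which log or TSA produced the verified time
	Timestamp time.Time // the verified signing time
}

// RichVerificationResult sketches the shape proposed above. VerifiedCertificateChains
// is the field from the proposal; VerifiedTimestamps is an assumed stand-in for the
// proposed VerifiedTimestampingResponse / VerifiedTransparencyLogEntry fields.
type RichVerificationResult struct {
	VerifiedCertificateChains [][]*x509.Certificate
	VerifiedTimestamps        []VerifiedTimestamp
}

// CheckTimestampsWithinLeafValidity is a consumer-side policy that is only possible
// once the verifier exposes verified chains and timestamps: every verified timestamp
// must fall inside the validity window of the leaf certificate (chain[0]) of every
// verified chain. It deliberately consults only verified data, never raw bundle fields.
func CheckTimestampsWithinLeafValidity(res RichVerificationResult) error {
	if len(res.VerifiedCertificateChains) == 0 {
		return errors.New("no verified certificate chain in result")
	}
	if len(res.VerifiedTimestamps) == 0 {
		return errors.New("no verified timestamp in result")
	}
	for i, chain := range res.VerifiedCertificateChains {
		if len(chain) == 0 {
			return fmt.Errorf("verified chain %d is empty", i)
		}
		leaf := chain[0]
		for _, ts := range res.VerifiedTimestamps {
			if ts.Timestamp.Before(leaf.NotBefore) || ts.Timestamp.After(leaf.NotAfter) {
				return fmt.Errorf("%s timestamp %s from %s lies outside leaf validity [%s, %s]",
					ts.Type, ts.Timestamp.UTC().Format(time.RFC3339), ts.URI,
					leaf.NotBefore.UTC().Format(time.RFC3339), leaf.NotAfter.UTC().Format(time.RFC3339))
			}
		}
	}
	return nil
}

// newLeafCert builds a constructed, self-signed certificate with the given validity
// window so the example runs offline without a real Fulcio-issued chain.
func newLeafCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed example leaf"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	leaf, err := newLeafCert(now.Add(-time.Hour), now.Add(time.Hour))
	if err != nil {
		panic(err)
	}
	res := RichVerificationResult{
		VerifiedCertificateChains: [][]*x509.Certificate{{leaf}},
		VerifiedTimestamps: []VerifiedTimestamp{
			{Type: "Tlog", URI: "https://rekor.example.invalid", Timestamp: now},
		},
	}
	fmt.Println("in-window timestamp:", CheckTimestampsWithinLeafValidity(res))

	// A verified time after the certificate expired must be rejected by this policy.
	res.VerifiedTimestamps[0].Timestamp = now.Add(2 * time.Hour)
	fmt.Println("late timestamp:", CheckTimestampsWithinLeafValidity(res))
}
```

The point of the sketch is that a summary-only result cannot support this kind of check: the consumer needs the exact leaf certificate that was verified and the exact timestamps that met the threshold, not just a boolean or a count.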