[feature] Compliance test for TRW

[laurentsimon]

As part of the BYOB feature, we want to help TRW authors keep their code reliable and prevent it from breaking. This issue provides a wish list about what features we need for this compliance tests:

• [ ] The TRW pins all the SRW calls (setup-token, delegator call, etc) at the same tag
• [ ] e2e tests that the TRW works. How should this work?

[asraa]

I think the other requirement besides making sure they've called the TW correctly and used the SLSA inputs from the token correctly is

• [ ] Validate that the build output (SLSA subject layout) of the TW has a valid format and uses the correct JSON inputs

EDIT: I have no idea why I keep clicking the wrong buttons. Sorry for closing/reopening