[feature] Add more tests for TRW's specific commit sha1 for v0.2

[laurentsimon]

We need to verify that that generated provenance is correct. Unit tests and scheduled tests within this repo. The feature was introduced in https://github.com/slsa-framework/slsa-github-generator/pull/2078

[laurentsimon]

this should include verification for both v0.2 and v1.0 predicates

[laurentsimon]

Removing this issue from the BYOB milestone, because we want to support v1.0 first.