feat: handle dssev001 tlog entry types

[ramonpetgrave64]

re: https://github.com/slsa-framework/slsa-github-generator/issues/3750

Rekor TLog entries can now be of the type dsse v0.0.1, as when what's returned when using sigstore-go's Bundle().

This is to support eventual Sigstore Bundles produced by slsa-github-generator's "generic" generator, which will likely use sigstore-go's Bundle to produce attestations

• https://github.com/slsa-framework/slsa-github-generator/compare/main...ramonpetgrave64-internal-builder-sigstore-bundlev2#diff-b186a0c5d9ae459b11b694f05455568453699670926d21cad06cafec3dbf895eR101
• https://github.com/slsa-framework/slsa-github-generator/actions/runs/10359750833

Tesing

• Added unit tests with stub data
• manual invocations to very both new and old attestations and bundles, with some modifications for testing purposes
  • https://github.com/slsa-framework/slsa-verifier/compare/main...verify-sigstore-go-Bundlev3#diff-94741068472ee694a12811cd704179dd478a9fa20a3bf45cf6ea2d4406214dc2R179

Followup

Finish the work to produce bundles from the generic generators

• https://github.com/slsa-framework/slsa-github-generator/compare/main...ramonpetgrave64-internal-builder-sigstore-bundlev2#diff-b186a0c5d9ae459b11b694f05455568453699670926d21cad06cafec3dbf895eR101

[ramonpetgrave64]

@cmurphy, please take a look

[ramonpetgrave64]

@haydentherapper We can't yet because for the older attestations produce by slsa-github-generator, the certificate was not embedded within the envelope.

But that seems like another good reason for https://github.com/slsa-framework/slsa-verifier/issues/487