slsa-framework / slsa

Supply-chain Levels for Software Artifacts
https://slsa.dev

Add 'profiles' for the Source Track #1142

Open TomHennen opened 1 week ago

TomHennen commented 1 week ago

@adityasaky suggested that it might make the source track more clear if we

  1. Define 'profiles' for source control systems as a combination of VCS, SCP, attestation issuers, etc...
  2. Each profile should explain how it would meet the various source level requirements
  3. Remove many of the examples that are currently inlined with the requirements themselves

@adityasaky mentions this would be made easier once we define a source control system #1128.

TomHennen commented 1 week ago

This is probably a good way to address @marcelamelara's comment here https://github.com/slsa-framework/slsa/issues/1128#issuecomment-2360198417