Add option to validate attestation Source Repository metadata

**Description**

GitHub attestations also publish Source Repository metadata. [example](https://github.com/github/artifact-attestations-helm-charts/attestations/11041997) It would be useful to have the option to also check this metadata to validate, for example, the artifact was generated as part of a `master` branch (denoted by Source Repository Ref).


_sample image policy snippet_
```
    keyless:
      identities:
      - issuer: https://token.actions.githubusercontent.com
        subjectRegExp: ^https://github.com/github/artifact-attestations-helm/charts/.github/workflows/.*@refs/tags/trust-policies-v0.7.0$
        subjectSourceRef: refs/tags/trust-policies-v0.7.0 <--- suggested field addition.
```



<img width="1363" height="728" alt="Image" src="https://github.com/user-attachments/assets/9bda65cd-2d8b-429a-a636-dbc2d83ed775" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add option to validate attestation Source Repository metadata #1891

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add option to validate attestation Source Repository metadata #1891

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions