Add sigstore signing for remediation plans and execution results

[mlieberman85]

Look at converting remediation plans to in-toto attestations and signing them. Two reasons for this:

1. Enables ingestion and aggregation of this data into tools like GUAC and associating it with identities
2. Tracking what identity generated a remediation plan and what identity or identities that executed it.