Where does the 16MB attestation artifact size limit come from?

[saxonww]

We're running into a problem where we exceed the predicate size limit introduced in #80. We have a few container images with SBOMs exceeding that size limit.

What is the reason for a 16MB size limit? #80 does not link to or contain any discussion about this. It doesn't seem to be driven by library or specification requirements. A forked version of this action with #80 removed, plus a forked version of actions/attest-sbom using it, seems to allow creation and upload of an attestation with larger predicates.

Assuming our SBOMs are the size they need to be, what are our options for working around this?