artifact -> attestaton -> provenance linkage

This task is about being able to ask about any information we know about a given software artifact by its content digest.

For example, you could run `/discover/sha256-deadbeef` and you'll get the attestations associated with a container image with digest (`sha256-deadbeef`) and also its related pieces of evidence (attestations, SBOMs, ...)

Conceptually this is similar to what the [referrer API](https://github.com/oras-project/artifacts-spec/blob/main/manifest-referrers-api.md) does in OCI but across [all cas-backends](https://docs.chainloop.dev/reference/operator/cas-backend/) and Chainloop organizations.


NOTE: in a future PR, we might want to propagate referrer information to OCI (if that's the backend that's being used) so users can leverage OCI clients such as regclient, oras, and so on.   

```[tasklist]
### Tasks
- [x] database denormalization https://github.com/chainloop-dev/chainloop/pull/416
- [x] discovery endpoint https://github.com/chainloop-dev/chainloop/pull/424
- [x] CLI support https://github.com/chainloop-dev/chainloop/pull/424
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

artifact -> attestaton -> provenance linkage #415

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

artifact -> attestaton -> provenance linkage #415

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions