Distribution files can unfortunately be pretty large, so we should probably stream into SHA256 rather than the current `sha256(dist.read_bytes())`, since that'll buffer the whole thing in memory.
There should be a `sha256_streaming` helper within sigstore-python that we can reuse 🙂
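The difference the comment describes, as an added example that is not part of the original review and is not sigstore-python's own code: the buffered digest next to a chunked one, with peak allocation measured for each on a constructed file. The function names, the 128 KiB chunk size and the sample file name are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile
import tracemalloc
from pathlib import Path

CHUNK_SIZE = 128 * 1024  # assumed buffer size for this example


def digest_buffered(dist: Path) -> bytes:
    """The flagged pattern: the whole file is held in memory at once."""
    return hashlib.sha256(dist.read_bytes()).digest()


def digest_streaming(dist: Path) -> bytes:
    """Hash in fixed-size chunks, reusing one buffer so memory stays bounded."""
    hasher = hashlib.sha256()
    view = memoryview(bytearray(CHUNK_SIZE))
    with dist.open("rb", buffering=0) as stream:
        while True:
            n = stream.readinto(view)
            if not n:  # 0 bytes read means end of file
                break
            hasher.update(view[:n])
    return hasher.digest()


def peak_bytes(func, dist: Path):
    """Run func(dist); return (digest, peak traced allocation in bytes)."""
    tracemalloc.start()
    try:
        digest = func(dist)
        _, peak = tracemalloc.get_traced_memory()
    finally:
        tracemalloc.stop()
    return digest, peak


def compare(size: int = 8 * 1024 * 1024) -> dict:
    """Measure both digests on a constructed stand-in for a distribution."""
    with tempfile.TemporaryDirectory() as tmp:
        dist = Path(tmp) / "example-0.0.0.tar.gz"  # constructed sample file
        dist.write_bytes(os.urandom(size))
        buffered, buffered_peak = peak_bytes(digest_buffered, dist)
        streamed, streamed_peak = peak_bytes(digest_streaming, dist)
    return {"match": buffered == streamed, "size": size,
            "buffered_peak": buffered_peak, "streamed_peak": streamed_peak}
```

Both functions return the same digest; only the buffered one's peak allocation grows with the file size.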