Small CLI driver

[woodruffw]

As part of testing this package, it'd be nice to have a small CLI driver for our APIs.

In particular, something like:

$ # produces foo.whl.publish.attestation using the ambient OIDC credential
$ python -m pypi_attestation_models sign foo.whl

$ # dumps the attestation's inner statement + other metadata *without* verification
$ python -m pypi_attestation_models inspect foo.whl.publish.attestation

$ # verifies foo.whl against foo.whl.*.attestation, with `https://github.com/foo/bar` as the signing identity
$ python -m pypi_attestation_models verify foo.whl --identity https://github.com/foo/bar
OK: foo.whl.publish.attestation
OK: foo.whl.whatever.attestation

[woodruffw]

CC @DarkaMaul

[woodruffw]

(In particular, I think we should do this with python -m ... rather than a direct entry point, to keep this off the $PATH for now. So this should initiate via a __main__.py entrypoint, like sigstore-python: https://github.com/sigstore/sigstore-python/blob/main/sigstore/__main__.py)