
Addition of a workflow for SLSA-compliant build and publishing #291

Open
wants to merge 2 commits into
base: main

Conversation


@Ataxii Ataxii commented Apr 9, 2024

This pull request adds a new workflow to automate the build and publishing process in compliance with Level 3 Security Labeling System for Artifact (L3 SLSA) requirements for the project. Here's a summary of the main features added:

  • Automatic generation of a Wheel and checksums for the generated artifacts.
  • Creation of a Software Bill of Materials (SBoM) in JSON and XML formats.
  • Provenance verification of the generated artifacts.
  • Publishing the generated artifacts as a release on GitHub.

This workflow will enhance the transparency and security of the build and publishing process by providing detailed dependency information and ensuring provenance verification of distributed artifacts.

Workflow Execution Condition:

This workflow is triggered exclusively upon the creation of a release. By doing so, the maintainers retain full control over when the workflow is executed, ensuring that the release process remains entirely manual and intentional.

Details of Changes:

Addition of a workflow file .github/workflows/build.yml containing the necessary steps for build, SBoM generation, provenance verification, and publishing.

Tests Performed:

This workflow has been tested locally to ensure its proper functioning. Additional tests may be conducted once the pull request is merged to confirm its seamless integration into the project's CI/CD pipeline.

Teams
@PotatoCombo
@Nisrine-07
@yilmi
@Guillaume-Risch
@raihanou1
@evansedeno

Setting up a workflow for generating a build compliant with the SLSA L3 framework. Generating SBOM.
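As an added illustration (not the build.yml from this pull request, which is not shown on the page): a release-triggered GitHub Actions workflow of the shape described above, with wheel build, checksums, a CycloneDX JSON SBOM, SLSA L3 provenance from the slsa-github-generator generic builder, and an in-pipeline provenance check. Assumed: a pip-installable Python project, the anchore/sbom-action, slsa-github-generator and slsa-verifier action versions shown, and that the release tag is the ref the workflow runs on.

```yaml
name: release-slsa3
on: { release: { types: [published] } }   # only a manually created release starts this workflow
permissions: {}                            # no default token scopes; each job asks for what it needs
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      hashes: ${{ steps.hash.outputs.hashes }}
    steps:
      - uses: actions/checkout@v4          # pin every action to a full commit SHA in production
        with: { persist-credentials: false }
      - uses: actions/setup-python@v5
        with: { python-version: "3.12" }
      - run: pip install build && python -m build --wheel --outdir dist/
      - uses: anchore/sbom-action@v0       # CycloneDX JSON SBOM of the checked-out source tree
        with: { path: ., format: cyclonedx-json, output-file: dist/sbom.cdx.json }
      - id: hash                           # sha256 checksums become the provenance "subjects"
        run: |
          cd dist && sha256sum *.whl sbom.cdx.json > SHA256SUMS
          echo "hashes=$(base64 -w0 SHA256SUMS)" >> "$GITHUB_OUTPUT"
      - uses: actions/upload-artifact@v4
        with: { name: dist, path: dist/ }
  provenance:                              # SLSA L3 provenance is produced by the isolated reusable builder
    needs: build
    permissions:
      actions: read
      id-token: write                      # OIDC identity used to sign the provenance
      contents: write                      # needed to attach the provenance to the release
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
      base64-subjects: ${{ needs.build.outputs.hashes }}
      upload-assets: true
  verify:                                  # checksums and provenance must verify before the release is trusted
    needs: [build, provenance]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with: { name: dist, path: dist }
      - uses: actions/download-artifact@v4
        with:
          name: ${{ needs.provenance.outputs.provenance-name }}
      - uses: slsa-framework/slsa-verifier/actions/installer@v2.5.1
      - run: |
          (cd dist && sha256sum -c SHA256SUMS)
          slsa-verifier verify-artifact dist/*.whl \
            --provenance-path "${{ needs.provenance.outputs.provenance-name }}" \
            --source-uri "github.com/${{ github.repository }}" --source-tag "${{ github.ref_name }}"
```

The verify job only shows that the pipeline produced artifacts matching their provenance; consumers of the release should run the same slsa-verifier command themselves against the downloaded assets, since a check inside the producing workflow cannot stand in for an independent one.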

Ataxii commented Apr 9, 2024

@microsoft-github-policy-service agree

@Ataxii Ataxii changed the title Create build.yaml Addition of a workflow for SLSA-compliant build and publishing Apr 9, 2024