Should we adapt sigstore for the security metadata in our events?

[e-backmark-ericsson]

Description

We should probably look into sigstore.dev

Motivation

It's a new standard that might be widely spread

Exemplification

Adapt the meta.security object and eiffel-syntax-and-usage/security.md accordingly

Benefits

Being on top of new standards

Possible Drawbacks

Not yet sure what/if it actually provides better security possibilities compared to what we already have

[m-linner-ericsson]

We could at least make sure we can sign our events with it and maybe include an instruction on how to do it.