Index materials of SLSA provenance statements

[tiziano88]

#764 added support for indexing the payload hash in in-toto entries. It would be nice to do the same for materials of SLSA provenance attestations, so that it would be possible, for instance, to look up all attestations that shows how a particular git commit (i.e. a material) was built into a binary artifact (i.e. the subject). This would allow for instance to check whether there are issues around reproducibility when done by different builders (e.g. GitHub actions and GCB may end up with a different artifact hash).

cc @bobcallaway @dlorenc @rbehjati @jul-sh @mariaschett @aferr

[asraa]

It would be nice to do the same for materials of SLSA provenance attestations, so that it would be possible, for instance, to look up all attestations that shows how a particular git commit (i.e. a material) was built into a binary artifact (i.e. the subject)

I can definitely do this, this is a great idea -- this would allow for recursing on entries to discover provenance for deps. cc @lumjjb

[lumjjb]

Yes!! The back-edges will be super helpful! +1