Hello!

First, thanks for this fantastic project - it’s a great help to the community and ecosystem at large.

I would like to suggest adding artifact attestations to the releases.

This would enable supply chain verification for these builds, and provide a layer of validation above just verifying the signature.

it’s pretty simple to add: just a single step, with no configuration or changes required in the binary itself.

what do you think?