refactor: begin to remove sigstore_protobuf_specs

[woodruffw]

Towards #1049.

This is very WIP and won't work in CI yet since I'm using a local editable install of the new sigstore_models package while I iterate on it.

NB: I've also temporarily disabled interrogate because it has some kind of issue with a cairo dep.

[woodruffw]

I've published https://pypi.org/project/sigstore-models/ to accompany this.

[woodruffw]

Okay, this is good for a review.

Key changes:

• I've removed sigstore_protobuf_specs entirely and replaced it with sigstore_models, which I've created as a replacement. The latter contains only the subset of the former that's needed by sigstore-python, and has no protobuf dependencies at all (only Pydantic).
• I've rewritten all of the APIs per above. This was mostly a 1-1 substitution, although there are some nuances around Protobuf's JSON encoding quirks (namely for uint64 and bytes types). These quirks should have no public API implications, but they require some more explicit internal round-trip handling than the sigstore_protobuf_specs APIs did. In particular, we now need to explicitly base64 encode bytes when passing them into the models, and same string-encoding uint64s.
• I've removed the sigstore.models.LogEntry model entirely and replaced it with sigstore.models.TransparencyLogEntry, which is a wrapper type for the "protobuf" level TransparencyLogEntry type. This makes it consistent with our other sigstore.models APIs (e.g. Bundle).
• Similarly, I've completely removed sigstore.models.LogInclusionProof since it's now fully covered by sigstore_models.
• Finally, I've updated the checked-in TUF/signing config/trust root assets to include operator everywhere -- this field isn't explicitly marked as required by the protobuf-specs but the documentation implies that it is. Consequently sigstore_models requires it, which works with the actual staging instance but not with the checked-in assets (since they were presumably at least partially handwritten).

Separately from the above, this PR contains some CI fixes (from zizmor).

[jku]

This is great, I'll try to review tomorrow (although I don't think we need to rush with this one)

[woodruffw]

Thanks @jku!

I have an internal need for this, but there's no huge rush from me -- I can always pin to the git reference temporarily 🙂

(With that being said, I'd love it if we could land this with v4, if you think that's possible -- I think it's be nice to have a clean major break.)