feat: Add binary attestations

.github/workflows/release.yml

@@ -69,6 +69,9 @@ jobs:
     permissions:
       # Required to post the release
       contents: write
+      # For attestations
+      id-token: write
+      attestations: write
     strategy:
       fail-fast: false
       matrix:
@@ -155,6 +158,7 @@ jobs:
               file "$bin" || true
               ldd "$bin" || true
               $bin --version || true
+              echo "${name}_bin_path=${bin}" >> $GITHUB_ENV
           done
 
       - name: Archive binaries
@@ -205,6 +209,13 @@ jobs:
             ${{ steps.artifacts.outputs.file_name }}
             ${{ steps.man.outputs.foundry_man }}
 
+      - name: Binaries attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: |
+            ${{ env.cast_bin_path }}
+            ${{ env.forge_bin_path }}
+
       # If this is a nightly release, it also updates the release
       # tagged `nightly` for compatibility with `foundryup`
       - name: Update nightly release