feat: Add ability to attest the supplied multi-arch image

[Danil-Grigorev]

Summary

When using docker buildx to build multi-arch images, SLSA workflow may need to recursively attest underlying images for the multi-arch build.

This is possible using --recursive=true according to the cosign attest help:

    -r, --recursive=false:
        if a multi-arch image is specified, additionally sign each discrete image

This change allows to provide recursive input flag in the workflow.
...

Testing Process

...

Checklist

• Review the contributing guidelines
• Add a reference to related issues in the PR description.
• Update documentation if applicable.
• Add unit tests if applicable.
• Add changes to the CHANGELOG if applicable.

[ianlewis]

@Danil-Grigorev Hi! Thanks for this. It looks great.

Could you update the docs with this new option?

Could you add an entry to the CHANGELOG.md?

[ramonpetgrave64]

Suggested change

	| `recursive` | If set, attestation is performed recursively on the image. Usefull when a multi-arch image is used. |
	| `recursive` | If set, attestation is performed recursively on each of the images. Useful when a multi-arch image is used. |

[ramonpetgrave64]

Suggested change

	- A new [`recursive`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) input was added to allow users to pass `--recursive` option to the provenance attestation, usefull when signing `multi-arch` images.
	- A new [`recursive`](./internal/builders/container/README.md#workflow-inputs) input was added to allow users to pass `--recursive` option to the provenance attestation, usefull when signing `multi-arch` images.

[ramonpetgrave64]

@Danil-Grigorev Were you able to test this in any way, perhaps on your own fork?