[pre-RFC] Using Sigstore for signing and verifying crates

Hi all! I'd like to post this pre-RFC to get some more feedback. It is a proposal to use Sigstore (https://sigstore.dev) for signing crates on publish and verifying on download. The RFC is described in detail here: rust-rfcs/0000-sigstore-integration.md at sigstore-rfc · trustification/rust-rfcs · GitHub Any feedback you can give here or directly is appreciated!