For the non-interactive signing environment (#34) we want to add created signatures to an attestation log. A simple solution may involve using a dedicated git repository to which the signing environment is able to push (signed) commits, that contain information on created signatures. However, integration with existing solutions, such as [rekor](https://github.com/sigstore/rekor) as well as best practices around their use need to be evaluated before evaluating a custom solution. - received metadata (i.e. file name, hash) of the file being signed - the name of the user that logged in and requested the signature - the base64 encoded raw cryptographic signature