Contributor
Lenery Chen

Add SLSA provenance support to in-toto-rs and rebuilderd


Mentors
Aditya Sirish A Yelgundhalli
Organization
CNCF
Technologies
rust
Topics
security, supply-chain, reproducible-builds
Rebuilderd is a verification system for binary packages. It repeats the build process of a package in an identical environment and verifies that the result is identical to the published package. It currently generates in-toto link attestations when a package is successfully rebuilt. As part of this task, rebuilderd must be updated to generate in-toto SLSA provenance. To enable this, in-toto-rs must first be extended to support the provenance specification.

We plan to add an additional JSON generator that works alongside the existing link generator by extracting an abstract interface that both implement. A new argument selects the format, and the software dynamically dispatches to the right generator. This keeps in-toto-rs compatible with newer generators introduced by future standards. After this, we will update the in-toto-rs version that rebuilderd depends on, together with enough test cases to ensure the logic is correct.

If there is time left, we will add a "Verifylib" (or part of it) to in-toto-rs to make up for its current functional gaps. This verification library should be compatible with attestations in both the old and new formats.
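One way to structure the abstract generator interface and the argument-based dispatch described above, as an added Rust example (this is not code from in-toto-rs or rebuilderd; the RebuildResult type, the generator names, the buildType URI and the sample digests are assumptions, and the choice of SLSA provenance v0.2 as the predicate is also an assumption since the page does not name a version):

```rust
use std::collections::BTreeMap;

/// What a finished rebuild produces. Constructed for this example; it is
/// not rebuilderd's real data model.
pub struct RebuildResult {
    pub package: String,
    pub builder_id: String,
    pub command: Vec<String>,
    pub materials: BTreeMap<String, String>, // path -> sha256 hex
    pub products: BTreeMap<String, String>,  // path -> sha256 hex
}

/// Abstract interface shared by every attestation generator. A new format
/// only needs a new implementation and a new entry in `generator_for`.
pub trait AttestationGenerator {
    /// Short name used for dispatch (e.g. the value of a CLI argument).
    fn name(&self) -> &'static str;
    /// Serialize the rebuild as a complete JSON attestation body.
    fn generate(&self, r: &RebuildResult) -> String;
}

/// Minimal JSON string quoting so the example needs no external crates.
fn quote(s: &str) -> String {
    format!("\"{}\"", s.replace('\\', "\\\\").replace('"', "\\\""))
}

/// Link-style artifact map: {"path": {"sha256": "..."}}.
fn artifact_map(m: &BTreeMap<String, String>) -> String {
    let items: Vec<String> = m.iter()
        .map(|(p, d)| format!("{}:{{\"sha256\":{}}}", quote(p), quote(d)))
        .collect();
    format!("{{{}}}", items.join(","))
}

/// Statement/SLSA-style artifact list: [{"<key>": "...", "digest": {"sha256": "..."}}].
fn artifact_list(key: &str, m: &BTreeMap<String, String>) -> String {
    let items: Vec<String> = m.iter()
        .map(|(p, d)| format!("{{{}:{},\"digest\":{{\"sha256\":{}}}}}", quote(key), quote(p), quote(d)))
        .collect();
    format!("[{}]", items.join(","))
}

/// The existing format: an in-toto link (_type "link").
pub struct LinkGenerator;

impl AttestationGenerator for LinkGenerator {
    fn name(&self) -> &'static str { "link" }
    fn generate(&self, r: &RebuildResult) -> String {
        let cmd: Vec<String> = r.command.iter().map(|c| quote(c)).collect();
        format!(
            "{{\"_type\":\"link\",\"name\":{},\"command\":[{}],\"materials\":{},\"products\":{},\"byproducts\":{{}},\"environment\":{{}}}}",
            quote(&r.package), cmd.join(","), artifact_map(&r.materials), artifact_map(&r.products)
        )
    }
}

/// The new format: an in-toto Statement carrying a SLSA provenance predicate.
/// The buildType URI is a placeholder assumed for this example.
pub struct SlsaProvenanceGenerator;

impl AttestationGenerator for SlsaProvenanceGenerator {
    fn name(&self) -> &'static str { "slsa-provenance" }
    fn generate(&self, r: &RebuildResult) -> String {
        let predicate = format!(
            "{{\"builder\":{{\"id\":{}}},\"buildType\":\"https://example.invalid/rebuild\",\"materials\":{}}}",
            quote(&r.builder_id), artifact_list("uri", &r.materials)
        );
        format!(
            "{{\"_type\":\"https://in-toto.io/Statement/v0.1\",\"subject\":{},\"predicateType\":\"https://slsa.dev/provenance/v0.2\",\"predicate\":{}}}",
            artifact_list("name", &r.products), predicate
        )
    }
}

/// Dynamic dispatch on a caller-supplied format name; unknown names are
/// rejected rather than silently falling back to the old format.
pub fn generator_for(format: &str) -> Option<Box<dyn AttestationGenerator>> {
    let all: Vec<Box<dyn AttestationGenerator>> =
        vec![Box::new(LinkGenerator), Box::new(SlsaProvenanceGenerator)];
    all.into_iter().find(|g| g.name() == format)
}

/// Constructed sample input with made-up digests.
pub fn sample_rebuild() -> RebuildResult {
    let mut materials = BTreeMap::new();
    materials.insert("hello-2.12.tar.gz".to_string(), "aa".repeat(32));
    let mut products = BTreeMap::new();
    products.insert("hello-2.12-1.pkg".to_string(), "bb".repeat(32));
    RebuildResult {
        package: "hello-2.12-1".to_string(),
        builder_id: "https://example.invalid/rebuilderd".to_string(),
        command: vec!["rebuild".to_string(), "hello".to_string()],
        materials,
        products,
    }
}

fn main() {
    let r = sample_rebuild();
    for fmt in ["link", "slsa-provenance"] {
        println!("{}", generator_for(fmt).expect("known format").generate(&r));
    }
}
```

The trait is the extension point: rebuilderd keeps calling `generate` on whatever `generator_for` returns, so adding a future attestation format touches the library but not the caller.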