After #313, we can produce release binaries that can be reproduced by anyone. This removes most of the trust in our release pipeline because given both a binary and the source repo, it is in theory possible to reproduce the binary. However, there is also value in proving that we intended to release a given binary, and that we did so at a given point in time, as well as attesting to the state of the build environment. We should update the release pipeline to produce whatever evidence is easy to do.