Fix indexing bug for intoto attestations

[priyawadhwa]

If the IntotoObj.Content field isn't specified, we end up returning too soon instead of adding provenance subject digests as indexing keys. cosign attest never sets the Content field, so searching for attestations uploaded with cosign isn't working.

This should fix it and adds in a unit test.

Signed-off-by: Priya Wadhwa priya@chainguard.dev

[codecov-commenter]

Codecov Report

Merging #870 (d3a2144) into main (45da1af) will increase coverage by 0.10%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #870      +/-   ##
==========================================
+ Coverage   46.24%   46.34%   +0.10%     
==========================================
  Files          60       60              
  Lines        5138     5135       -3     
==========================================
+ Hits         2376     2380       +4     
+ Misses       2487     2482       -5     
+ Partials      275      273       -2     

Impacted Files	Coverage Δ
pkg/types/intoto/v0.0.1/entry.go	36.74% <100.00%> (+0.96%)	⬆️
pkg/types/alpine/v0.0.1/entry.go	55.78% <0.00%> (+1.23%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 45da1af...d3a2144. Read the comment docs.

[asraa]

Again, the root cause is because we index on pre-canonicalized entries.
#854