Sign the conda packages (and containers in phoenixcontainer) with sigstore

We can sign the produced packages and containers with sigstore so users can validate their provenance. Trusted publishers can be added on the prefix.dev channel to allow some users to upload packages.

Documentation:

• pixi bloc post of sigstore beta feature at prefix.dev
• prefix.dev sigstore example repository (github actions)
• gitlab sigstore examples