[FEATURE] Replace SLSA attestation with actions/attest in application-matrix-builds workflow #334

@WilliamBerryiii

Description

Feature Description

Migrate the application-matrix-builds.yml workflow from the SLSA-style security bundle generation to GitHub's native actions/attest-build-provenance and actions/attest actions, consistent with the approach adopted in pages-deploy.yml via #332.

Current Behavior

The application-matrix-builds.yml workflow uses a custom SLSA-style attestation approach with an enableSLSA configuration flag and a -GenerateSlsa builder argument. This approach relies on the slsa-framework/slsa-github-generator pattern that is blocked by enterprise policy and has been replaced in the documentation deployment pipeline.

Relevant references in application-matrix-builds.yml:

  • SLSA security bundle generation (line 13, 23)
  • enableSLSA configuration parsing and output (lines 49, 87, 127, 158, 215-217, 245)
  • -GenerateSlsa builder argument (lines 426-427)

Proposed Solution

Replace the SLSA-style attestation with the same pattern established in PR #332:

  1. Build provenance attestation via actions/attest-build-provenance
  2. SBOM generation via anchore/sbom-action guided by .syft.yaml
  3. SBOM attestation via actions/attest

All actions should be SHA-pinned and registered in Update-ActionSHAPinning.ps1.
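As an added illustration of the three-step pattern above (not the repository's actual workflow): a per-application matrix job that builds an artifact, attests its provenance, generates an SPDX SBOM from `.syft.yaml`, and attests that SBOM. The action SHAs are placeholders to be replaced with pins registered in `Update-ActionSHAPinning.ps1`; the build command, application names, artifact paths and the SPDX predicate type are assumptions.

```yaml
# Added example: per-application matrix job using the native attestation pattern.
# Action SHAs are placeholders to be replaced with pins registered in
# Update-ActionSHAPinning.ps1; build command, app names and paths are assumed.
name: application-matrix-builds
on: [push]

jobs:
  build-and-attest:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write       # needed to obtain the Sigstore signing identity
      attestations: write   # needed to store attestations on GitHub
    strategy:
      matrix:
        app: [app-a, app-b]   # constructed application names
    steps:
      - uses: actions/checkout@<commit-sha>   # placeholder SHA pin

      # Hypothetical build step producing one artifact per application.
      - name: Build ${{ matrix.app }}
        run: ./build.sh "${{ matrix.app }}" "dist/${{ matrix.app }}.zip"

      # 1. Build provenance attestation bound to the artifact's digest.
      - uses: actions/attest-build-provenance@<commit-sha>   # placeholder SHA pin
        with:
          subject-path: dist/${{ matrix.app }}.zip

      # 2. SPDX SBOM generated by Syft, configured by the repo's .syft.yaml.
      - uses: anchore/sbom-action@<commit-sha>   # placeholder SHA pin
        with:
          path: .
          config: .syft.yaml
          format: spdx-json
          output-file: dist/${{ matrix.app }}.spdx.json
          upload-artifact: false

      # 3. Attest the SBOM as a predicate on the same artifact subject,
      #    so verifiers can tie the SBOM to the exact digest they downloaded.
      - uses: actions/attest@<commit-sha>   # placeholder SHA pin
        with:
          subject-path: dist/${{ matrix.app }}.zip
          predicate-type: https://spdx.dev/Document/v2.3   # assumed SPDX 2.3 predicate type
          predicate-path: dist/${{ matrix.app }}.spdx.json
```

Consumers can check both attestations against a downloaded artifact with `gh attestation verify dist/app-a.zip --repo <owner>/<repo>`, which fails if the digest does not match a signed subject.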

Acceptance Criteria

  • SLSA-style security bundle generation removed from application-matrix-builds.yml
  • enableSLSA configuration flag and -GenerateSlsa builder argument removed or replaced with native attestation equivalent
  • actions/attest-build-provenance attests per-application build artifacts
  • anchore/sbom-action generates SPDX SBOM per application
  • actions/attest attests the generated SBOMs
  • attestations: write permission present on attestation job
  • All new action SHAs registered in Update-ActionSHAPinning.ps1
  • Consistency with the pages-deploy.yml attestation pattern from PR #332 (build(build): replace SLSA attestation with actions/attest)

Related Issues

Additional Context

This was identified during review of PR #332 by @katriendg. The original issue #100 covers both pages-deploy.yml and the application matrix builds workflow; this issue tracks the remaining matrix builds migration as a discrete work item.

Labels

enhancement (New feature or request), security (Security-related changes or concerns)