feat: add testifysec platform defaults for zero-config signing

[colek42]

Summary

This PR updates the action with TestifySec Platform defaults so users can get started with minimal configuration. Users now only need to provide:

• step name
• command or action-ref
• API token via ARCHIVISTA_HEADERS environment variable

Everything else just works out of the box with Sigstore signing and timestamping.

Changes

New Defaults

Setting	Old Default	New Default
archivista-server	https://archivista.testifysec.io	https://archivista.platform.testifysec.com
fulcio	(none)	https://fulcio.platform.testifysec.com
fulcio-oidc-issuer	(none)	https://token.actions.githubusercontent.com
fulcio-oidc-client-id	(none)	sigstore
timestamp-servers	(none)	https://tsa.platform.testifysec.com/api/v1/timestamp

Simplified Usage

Before:

- uses: testifysec/witness-wrapper@main
  with:
    step: build
    command: npm run build
    archivista-server: 'https://archivista.platform.testifysec.com'
    enable-sigstore: true
    fulcio: 'https://fulcio.platform.testifysec.com'
    fulcio-oidc-issuer: 'https://token.actions.githubusercontent.com'
    fulcio-oidc-client-id: 'sigstore'
    timestamp-servers: 'https://tsa.platform.testifysec.com/api/v1/timestamp'
  env:
    ARCHIVISTA_HEADERS: 'Authorization: Token ${{ secrets.WITNESS_API_TOKEN }}'

After:

- uses: testifysec/witness-wrapper@main
  with:
    step: build
    command: npm run build
  env:
    ARCHIVISTA_HEADERS: 'Authorization: Token ${{ secrets.WITNESS_API_TOKEN }}'

README Updates

• Completely rewritten with simplified quick start
• Added platform defaults table
• Added examples for wrapping actions
• Added custom configuration section for self-hosted users
• Documented required permissions for OIDC

Test plan

• Test action with minimal config against TestifySec Platform
• Verify attestations are signed with Fulcio certificates
• Verify attestations are timestamped with TSA
• Verify attestations are uploaded to Archivista

🤖 Generated with Claude Code