feat: parse Github Actions provenances with fully specified structs

[ramonpetgrave64]

Similar to how the GCB provenances are fully parsed with a struct, we should do the same for Github Actions Provenances

• slsa-verifier/verifiers/internal/gcb/provenance.go

  Lines 25 to 26 in 9b5430f

  	type provenance struct {
  	Build struct {

Part of the reason we don't already do that is so that we can verify that everything in the provenance can be matched with equivalent values in the fulcio certificates of github actions provenances. And

• [feature][npm] Verify consistency between cert and provenance #493

When you Unmarshall in the typical way, unspecified fields are lost. Still, it's nicer to have a schema, and so we may be able to use json.RawMessage to preserve unspecified filds when Unmarshalling, so that we can still check the provenance for extra data.