⬆️👨‍💻 Update actions/attest-build-provenance action to v2 (#519)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/attest-build-provenance](https://redirect.github.com/actions/attest-build-provenance)
| action | major | `v1.4.4` -> `v2.0.1` |

---

### Release Notes

<details>
<summary>actions/attest-build-provenance
(actions/attest-build-provenance)</summary>

###
[`v2.0.1`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.0.1)

[Compare
Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2.0.0...v2.0.1)

#### What's Changed

- Bump actions/attest from 2.0.0 to 2.0.1 by
[@&#8203;bdehamer](https://redirect.github.com/bdehamer) in
[https://github.com/actions/attest-build-provenance/pull/406](https://redirect.github.com/actions/attest-build-provenance/pull/406)
    -   Deduplicate subjects before adding to in-toto statement

**Full Changelog**:
actions/attest-build-provenance@v2.0.0...v2.0.1

###
[`v2.0.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.0.0)

[Compare
Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.4.4...v2.0.0)

The `attest-build-provenance` action now supports attesting multiple
subjects simultaneously. When identifying multiple subjects with the
`subject-path` input a single attestation is created with references to
each of the supplied subjects, rather than generating separate
attestations for each artifact. This reduces the number of attestations
that you need to create and manage.

#### What's Changed

- Bump cross-spawn from 7.0.3 to 7.0.6 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/attest-build-provenance/pull/319](https://redirect.github.com/actions/attest-build-provenance/pull/319)
- Prepare v2.0.0 release by
[@&#8203;bdehamer](https://redirect.github.com/bdehamer) in
[https://github.com/actions/attest-build-provenance/pull/321](https://redirect.github.com/actions/attest-build-provenance/pull/321)
- Bump `actions/attest` from 1.4.1 to 2.0.0 (w/ multi-subject
attestation support)

**Full Changelog**:
actions/attest-build-provenance@v1.4.4...v2.0.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/cda-tum/mqt-qcec).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS40Mi40IiwidXBkYXRlZEluVmVyIjoiMzkuNDIuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZ2l0aHViLWFjdGlvbnMiXX0=-->

---------

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Lukas Burgholzer <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Lukas Burgholzer <[email protected]>

.github/workflows/cd.yml

@@ -60,7 +60,7 @@ jobs:
           path: dist
           merge-multiple: true
       - name: Generate artifact attestation for sdist and wheel(s)
-        uses: actions/attest-build-provenance@v1.4.4
+        uses: actions/attest-build-provenance@v2
         with:
           subject-path: "dist/*"
       - uses: pypa/gh-action-pypi-publish@release/v1