Add to adoptium.api to represent CDXA's via the API

[andrew-m-leonard]

Extend adoptium.net API for asset querying to augment the "binary" object result to include a list of "CDXA reference urls", ref: #4054 (comment)
eg. added "attestation_links" list:

"binary": {
      "architecture": "x64",
      "download_count": 1346509,
      "heap_size": "normal",
      "image_type": "jdk",
      "jvm_impl": "hotspot",
      "os": "linux",
      "package": {
        "checksum": "3c654d98404c073b8a7e66bffb27f4ae3e7ede47d13284c132d40a83144bfd8c",
        "checksum_link": "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.5%2B11/OpenJDK21U-jdk_x64_linux_hotspot_21.0.5_11.tar.gz.sha256.txt",
        "download_count": 1346509,
        "link": "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.5%2B11/OpenJDK21U-jdk_x64_linux_hotspot_21.0.5_11.tar.gz",
        "attestation_links": [
           {
               "cdxa_link": "github.com/adoptium/temurin-attestations/21/jdk_21_0_5_11_x64_linux_AcmeInc.xml",
               "cdxa_public_signing_key_link": " github.com/adoptium/temurin-attestations-data/21/jdk_21_0_5_11_x64_linux_AcmeInc.xml.sign.pub"
           },
           {
               "cdxa_link": "github.com/adoptium/temurin-attestations/21/jdk_21_0_5_11_x64_linux_OtherOrgLtd.xml",
               "cdxa_public_signing_key_link": " github.com/adoptium/temurin-attestations-data/21/jdk_21_0_5_11_x64_linux_OtherOrgLtd.xml.sign.pub"
           }
        ],
        "metadata_link": "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.5%2B11/OpenJDK21U-jdk_x64_linux_hotspot_21.0.5_11.tar.gz.json",
        "name": "OpenJDK21U-jdk_x64_linux_hotspot_21.0.5_11.tar.gz",
        "signature_link": "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.5%2B11/OpenJDK21U-jdk_x64_linux_hotspot_21.0.5_11.tar.gz.sig",
        "size": 206798126
      },
      "project": "jdk",
      "scm_ref": "jdk-21.0.5+11_adopt",
      "updated_at": "2024-10-16T17:56:10Z"
    }

[andrew-m-leonard]

Implementation Plan:

1. Augment adoptium-api to make the "Updater" read temurin-attestations into the MongoDB as a new "modelled" datasource
2. Update the adoptium-api "Front-End" to expose a simple CDXA attestations query to just return all CDXA's as a list
3. Update existing assets/binaries API to query MongoDB to relate CDXA's for a given "Binary" and populate attestation_links in returned "Release" object

[andrew-m-leonard]

1: Augment adoptium-api to make the "Updater" read temurin-attestations into the MongoDB as a new "modelled" datasource

1. Create a model of an "Attestation" https://github.com/adoptium/api.adoptium.net/tree/main/adoptium-models-parent/adoptium-api-v3-models/src/main/kotlin/net/adoptium/api/v3/models
2. Create a datasource model representation of an "Attestation" https://github.com/adoptium/api.adoptium.net/tree/main/adoptium-updater-parent/adoptium-datasources-parent/adoptium-github-datasource/src/main/kotlin/net/adoptium/api/v3/dataSources/github/graphql/models
3. Create an Adopt AttestationMapper to map a queried GraphQL Attestation object to Kotlin Attestation modelled object(1) https://github.com/adoptium/api.adoptium.net/tree/main/adoptium-updater-parent/adoptium-mappers-parent/adopt-mappers/src/main/kotlin/net/adoptium/api/v3/mapping/adopt