display presence of attestations in docker images --tree

[eunomie]

- What I did

Display a new column in docker images --tree to show the presence of attestations for an image

- How I did it

- How to verify it

$ ./build/docker images --tree
WARNING: This is an experimental feature. The output may change and shouldn't be depended on.

IMAGE                        ID             ATTEST   DISK USAGE   CONTENT SIZE   USED

tangela:local                33d3577a6389                   1GB          294MB
└─ linux/arm64               199ad0cfb5c3   ✔               1GB          294MB

<untagged>                   0a4eaa0eecf5                13.6MB         4.09MB
├─ linux/arm64/v8            24ba417e25e7                13.6MB         4.09MB
├─ linux/amd64               eddacbc7e24b                    0B             0B
├─ linux/arm/v6              5c7e326e3c8a                    0B             0B
├─ linux/arm/v7              fda9b1b812b2                    0B             0B
├─ linux/386                 fa66aa594ffa                    0B             0B
├─ linux/ppc64le             a01843eb870e                    0B             0B
├─ linux/riscv64             e99a4d9aa9f9                    0B             0B
└─ linux/s390x               14da06d3a895                    0B             0B

vektra/mockery:v2.43.2       88a21f9bd208                 561MB          130MB
├─ linux/arm64               c450823e2b19                 561MB          130MB
└─ linux/amd64               a9c46eae5d98                    0B             0B

amazon/dynamodb-local:2.2.1  eb8d4a591efd                 804MB          239MB
├─ linux/arm64               01cbd040783f   ✔             804MB          239MB
└─ linux/amd64               a5004db87d3e   ✔                0B             0B

ruby:alpine3.19              5f8ec895847b                 143MB         43.9MB
├─ linux/arm64/v8            f1e2c53e3770   ✔             143MB         43.9MB
├─ linux/amd64               7fb43231f1e1   ✔                0B             0B
├─ linux/arm/v6              f7b2e2fd50ed   ✔                0B             0B
├─ linux/arm/v7              025800f9bca0   ✔                0B             0B
├─ linux/386                 9c5b956f8f0c   ✔                0B             0B
├─ linux/ppc64le             2fa84bcd8876   ✔                0B             0B
└─ linux/s390x               5917a3eeb9ef   ✔                0B             0B

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 0% with 9 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@a5fb752). Learn more about missing BASE report.

Additional details and impacted files

@@            Coverage Diff            @@
##             master    #5451   +/-   ##
=========================================
  Coverage          ?   59.72%           
=========================================
  Files             ?      345           
  Lines             ?    23439           
  Branches          ?        0           
=========================================
  Hits              ?    13999           
  Misses            ?     8466           
  Partials          ?      974           

[felipecruz91]

This is a really good start! I foresee the need of distinguishing what images have:

• SBOM attestation.
• Provenance attestation (and whether it's min or max mode).

We could think about having a -o wide output that dives into the details and adds a few more columns:

SBOM	Provenance
✔	✔ (max)
✔	✔ (min)