ci: disable build provenance by adding comments

[giacob500]

Summary

This PR addresses issue #4580 (ci: disable the build provenance stuff for now).

• Disabled the build provenance steps in the GitHub Actions CI workflow.
• Commented out the steps related to attest-build-provenance to prevent unnecessary updates for Dependabot.
• Kept the relevant configuration in place to easily re-enable the build provenance steps in the future.

Details

While working on the CI setup, it was noted that the build provenance steps are not currently being utilized. These steps are meant to attest build provenance for the generated wheel and tar files, but there is no active use for them at the moment. As a result, we decided to comment them out to avoid unnecessary updates triggered by Dependabot, while preserving the configuration for future use.

The following steps were commented out in the .github/workflows/build-wheel.yml file:

- name: Attest Build Provenance for tar
  uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
  with:
    subject-path: "dist/${{ steps.filename.outputs.tar }}"

- name: Attest Build Provenance for whl
  uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
  with:
    subject-path: "dist/${{ steps.filename.outputs.whl }}"

[terriko]

Thank you! I think that will do the trick.