editorial: fix broken links to .md files

There are several places in the generated site where links are broken because
they still include the .md file extension. It's unclear why
jekyll-relative-links is broken _only_ in these instances, but this surgical
change resolves broken links on the site until the wider issue can be addressed.

Before this patch:
```
% git grep --color --no-index 'href="[^h][^"]*\.md' _site
_site/blog.html:the valuable feedback we received on the <a href="2023-02-24-sls
a-v1-rc.md">first release candidate</a>. This is
_site/blog.html:      <p>Interested in getting involved? Now’s the chance to <a href="2023-02-24-slsa-v1-rc.md">provide your feedback on the foundational v1 release of the SLSA framework.</a></p>
_site/example.html:<p>SLSA 4 <a href="requirements.md">requires</a> two-party source control and hermetic builds.
_site/how-to-orgs.html:<a href="/provenance/v1.md">https://slsa.dev/provenance/</a>.</p>
_site/spec/v1.0-rc2/onepage.html:<p>SLSA v1.0 does not address this threat, but it may be addressed in a <a href="#future-directions.md">future
_site/spec/v1.0-rc2/onepage.html:<p>SLSA v1.0 does not address this threat, but it may be addressed in a <a href="#future-directions.md">future
_site/spec/v1.0-rc2/threats.html:<p>SLSA v1.0 does not address this threat, but it may be addressed in a <a href="future-directions.md">future
_site/spec/v1.0-rc2/threats.html:<p>SLSA v1.0 does not address this threat, but it may be addressed in a <a href="future-directions.md">future
_site/spec/v1.0/onepage.html:<p>SLSA v1.0 does not address this threat, but it may be addressed in a <a href="#future-directions.md">future
_site/spec/v1.0/onepage.html:<p>SLSA v1.0 does not address this threat, but it may be addressed in a <a href="#future-directions.md">future
_site/spec/v1.0/threats.html:<p>SLSA v1.0 does not address this threat, but it may be addressed in a <a href="future-directions.md">future
_site/spec/v1.0/threats.html:<p>SLSA v1.0 does not address this threat, but it may be addressed in a <a href="future-directions.md">future
```

-   the two blog.html instances are resolved by editing the individual blog
    posts to remove the .md file extension
-   the example.html instance will be resolved by slsa-framework#945
-   how-to-orgs.html is fixed by removing the .md extension line 20 of
    how-to-orgs.md
-   the v1.0-rc2 threats and onepage are fixed by removing the .md extension in
    lines 40 and 49 of spec/v1.0-rc2/threats.md
-   the v1.0 threats and onepage are fixed by removing the .md extension in
    lines 40 and 49 spec/v1.0/threats.md

Following these changes:

```
% git grep --color --no-index 'href="[^h][^"]*\.md' _site
_site/example.html:<p>SLSA 4 <a href="requirements.md">requires</a> two-party source control and hermetic builds.
```

which is resolved by the removal of example.md in PR#945

Signed-off-by: Joshua Lock <joshuagloe@gmail.com>

docs/_posts/2023-04-03-the-breadth-and-depth-of-slsa.md

@@ -4,7 +4,7 @@ author: "Mike Lieberman"
 is_guest_post: false
 ---
 
-Interested in getting involved? Now’s the chance to [provide your feedback on the foundational v1 release of the SLSA framework.](2023-02-24-slsa-v1-rc.md)
+Interested in getting involved? Now’s the chance to [provide your feedback on the foundational v1 release of the SLSA framework.](2023-02-24-slsa-v1-rc)
 
 “Software Supply chain security is more than just the build” is a common response when folks learn about SLSA. This is true. SLSA 1.0 is entirely focused on generating [build provenance](/spec/v1.0/provenance) and assurance around that provenance due to the security capabilities of the build system and security properties of a particular running build. Software Supply Chain Security is the cybersecurity practice of extending left into System Delivery Lifecycle or Software Delivery Lifecycle and the SDLC is more than just the build.
 

docs/_posts/2023-04-04-slsa-v1-rc2.md

@@ -26,7 +26,7 @@ all early adopters who have provided valuable feedback on the previous release
 candidate. Thank you for your contributions to the project!
 
 [GitHub issue]: https://github.com/slsa-framework/slsa/issues
-[RC1]: 2023-02-24-slsa-v1-rc.md
+[RC1]: 2023-02-24-slsa-v1-rc
 [RC2]: /spec/v1.0-rc2/
 [backlog]: https://github.com/orgs/slsa-framework/projects/1/views/1
 [Approved Specification]: /spec-stages#approved

docs/how-to-orgs.md

@@ -17,7 +17,7 @@ For all [SLSA levels](/spec/v1.0/levels.md), you follow the same steps:
 
 What differs for each level is the robustness of the build and provenance. For
 more information about SLSA provenance see
-[https://slsa.dev/provenance/](/provenance/v1.md).
+[https://slsa.dev/provenance/](/provenance/v1).
 
 SLSA Build levels are progressive: SLSA Build L3 includes all the guarantees of
 SLSA Build L2, and SLSA Build L2 includes all the guarantees of SLSA Build L1.

docs/spec/v1.0-rc2/threats.md

@@ -37,7 +37,7 @@ An adversary introduces a change through the official source control management
 interface without any special administrator privileges.
 
 SLSA v1.0 does not address this threat, but it may be addressed in a [future
-version](future-directions.md).
+version](future-directions).
 
 ### (B) Compromise source repo
 
@@ -46,7 +46,7 @@ administrative interface, or through a compromise of the underlying
 infrastructure.
 
 SLSA v1.0 does not address this threat, but it may be addressed in a [future
-version](future-directions.md).
+version](future-directions).
 
 ### (C) Build from modified source
 

docs/spec/v1.0/threats.md

@@ -39,7 +39,7 @@ An adversary introduces a change through the official source control management
 interface without any special administrator privileges.
 
 SLSA v1.0 does not address this threat, but it may be addressed in a [future
-version](future-directions.md).
+version](future-directions).
 
 ### (B) Compromise source repo
 
@@ -48,7 +48,7 @@ administrative interface, or through a compromise of the underlying
 infrastructure.
 
 SLSA v1.0 does not address this threat, but it may be addressed in a [future
-version](future-directions.md).
+version](future-directions).
 
 ### (C) Build from modified source