Allow API tokens to create attestations #752

@jiparis

To ease the automatic onboarding of workflows, organizations might configure an API token globally, and then use it for creating the attestations. This means that:

  • org ID will be provided by the API token
  • workflow ID will be provided as an option in the CLI

The benefit of this approach would be that organizations don't need to create a single robot account for each workflow (which could be problematic in orgs with dozens of jobs).

This change must be backwards compatible with current authz mechanisms, so we might need to rework the middlewares to allow multiple token providers.

This change should also be aligned with other potential authentication mechanisms, like using GitHub tokens, or any other ID provider.

### Tasks
- [x] Add Workflow create to the resource types
- [x] Add Attestation resource to the resource types
- [x] Create a policy to create Attestations
- [ ] Map attestation API to the Attestations Policy
- [ ] Add attestations policy to the default policies for API tokens
- [x] Add workflow-name command line option for attestations using API tokens
