Use GitHub's attestation feature for verifying PHAR

Author: Wirone

.github/workflows/release.yml

@@ -55,6 +55,11 @@ jobs:
         with:
           name: pie-${{ github.sha }}.phar
 
+      - name: Verify the PHAR
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh attestation verify pie.phar --repo ${{ github.repository }}
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3