enforce-slsa
Enforce SLSA
Add an SLSA Verification (SlsaVerification) step to an existing Harness pipeline. The step
verifies SLSA provenance attestations (when enabled) and optionally evaluates OPA policy sets against
provenance data.
This skill only works with existing pipelines — do not create standalone verification-only pipelines.
Prerequisites: SLSA provenance must already exist for the artifact (typically from a provenance
step via /generate-slsa, shown in the UI as SLSA Generation). Policy sets for provenance
enforcement are optional (/create-policy, harness_list policy_set).
Supported stages: CI, CD (Deployment), and Security. CD requires a containerized step group.
Unlike SBOM enforcement, CI and CD both use SlsaVerification (no separate CD step type).
Guide the user through a step-by-step interactive wizard (same UX as /generate-slsa):