Inspect a package

Fetches the artifact, parses its SLSA attestation, validates the certificate chain. No rebuild.