npm SLSA verification for chainctl libraries verify

[s-stumbo]

[ ] Check if this is a typo or other quick fix and ignore the rest :)

Type of change

Product update docs, based on https://github.com/chainguard-dev/mono/pull/33208

What should this PR do?

Explain how to verify attestation for npm tarballs

Why are we making this change?

so the docs are up-to-date with the product

What are the acceptance criteria?

• Make sure the content makes sense, is easy to follow, and appears in the appropriate sections

How should this PR be tested?

Run chainctl libraries verify against an npm tarball

[netlify]

✅ Deploy Preview for ornate-narwhal-088216 ready!

Name	Link
🔨 Latest commit	8bb95ff
🔍 Latest deploy log	https://app.netlify.com/projects/ornate-narwhal-088216/deploys/69b183862387500008cd1f31
😎 Deploy Preview	https://deploy-preview-3062--ornate-narwhal-088216.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[matthewhelmke]

This is a super-useful expansion of the doc! Thank you!!
LGTM