chore(gates): store whether the attestation was gated

[jiparis]

Store whether the attestation was gated, regardless of the execution being blocked or bypassed using the --exception-bypass-policy-check flag.
The new property is also added to the referrer payload, so that it's easily discoverable and used from policies.

Note that this property has been added for convenience, since it can still be inferred from the policy executions: those with the property gate: true with violations will raise an attestation gate.

Attestation:

...
    "policyHasGatedViolations": true,
    "policyHasViolations": true,
    "runnerEnvironment": "unknown",
    "runnerType": "RUNNER_TYPE_UNSPECIFIED",
...

wf run describe command

Discover command:

✗ chainloop discover --digest sha256:ecd2ff46268aa546e5c1fd566dda092cc166ffb3f2fcdb86fac94287c346f177
{
   "digest": "sha256:ecd2ff46268aa546e5c1fd566dda092cc166ffb3f2fcdb86fac94287c346f177",
   "kind": "ATTESTATION",
   "downloadable": true,
   "public": false,
   "createdAt": "2026-01-13T16:24:01.749689Z",
   "references": [
      {
         "digest": "sha1:09023f82cabee64886978226afcd9e7ee541a26d",
         "kind": "GIT_HEAD_COMMIT",
         "downloadable": false,
         "public": false,
         "createdAt": "2026-01-13T16:15:27.870678Z",
         "references": []
      }
   ],
   "metadata": {
      "contractName": "enforced-gated",
      "contractVersion": "1",
      "hasGatedPolicyViolations": "true",
      "hasPolicyViolations": "true",
      "name": "gated",
      "organization": "my-org",
      "project": "enforced",
      "projectVersion": "v1.70.0+next",
      "projectVersionPrerelease": "true",
      "team": ""
   }
}