Confirm ent tag logic is still needed

[tiziano88]

@thmsbinder I don't remember if this logic is currently used, or was it replaced by the kokoro workflow? If unused, I'd like to remove it and simplify things a bit (bot here and in ent itself).

oak/.github/workflows/reusable_provenance.yaml

Lines 173 to 186 in e9be418

	- name: Upload signed tag to Ent
	run: |
	set -o errexit
	set -o nounset
	set -o xtrace
	set -o pipefail
	file="${{ needs.get_inputs.outputs.artifact-path }}"
	binary_name="$(basename "${file}")"
	ent tag set --public-key=${{ inputs.ent-public-key }} \
	--label="artifact_${GITHUB_SHA}_${binary_name}" \
	--target=${{ steps.ent_upload_binary.outputs.binary_digest }}
	ent tag set --public-key=${{ inputs.ent-public-key }} \
	--label="provenance_${GITHUB_SHA}_${binary_name}" \
	--target=${{ steps.ent_upload_provenance.outputs.provenance_digest }}

[tiziano88]

In fact, same question about the "normal" ent upload -- perhaps that's not needed any more either?

[thmsbinder]

We use the tag feature to access the provenance for a binary. Lines 184-186 are needed. The binaries are downloaded from Kokoro and not from Ent. That's a bit asymmetric but OK. See also the internal ent_client.py. Transparent Release only reads from Ent, it doesn't write.