So this is what actually generates the attestations, and even though the feature is still experimental we can still enable it here (and in the other repos) and let gh-action-pypi-publish deal with potential API changes, right?

I guess the other changes are unrelated, but it was convenient to bundle them together.

Yes, pretty much. There's a chance we may need to change config here too, but gh-action-pypi-publish should deal with most of it.

Just out of curiosity, do you know what caused the changes below?
Some of them seem backward, at least coming from Python (e.g. removing the double space before # and adding spaces within [] and {}), at least coming from Python.

They nearly all came from the pyproject-fmt upgrade from 1.x to 2.x.

We needed to bump actionlint so it wouldn't fail on the new attestations config, then I updated the other pre-commit at the same time.

One pyproject-fmt change is to align all the comments. Before, we just so happened to manually align them. Now, it automatically does it. I'm not sure why pyproject-fmt chose a single space, but it's a TOML file, not a Python file.

(Looks like it's using this TOML formatter which has align_comments but no option for how many spaces.)

I manually adjusted this into a single line:

include = [
    "python_docs_theme/",
]

to:

include = [ "python_docs_theme/" ]

The extra spaces are also from pyproject-fmt, and common in examples in the spec: https://toml.io/en/v1.0.0

Again, this TOML not Python. I guess I might slightly prefer more a Python-y style, but having an autoformatter keep things consistent, and easier to compare across projects, is much more valuable for me.

Yep, I figured that TOML might be following different conventions, and it makes sense to be consistent with those.
Thanks for looking into this!