In-toto

Latest version: v3.0.0

Page 2 of 5

1.4.0

Not secure
Added
* Support for DSSE in metadata generation tools (503, 577)
* Ability to set command, byproducts, environment in the in_toto_record APIs (564)

Changed
* Various dependency updates and dependabot changes
* Simplified link threshold check (573)

1.3.2

Not secure
Added
* Moved subprocess execution wrapper to in-toto from securesystemslib (544)
* Support for in-toto flavoured GPGSigner and GPGKey for use with securesystemslib's new signer API (538)
* Acknowledgement to Purdue University (526)

Changed
* Invocation of bandit linter (541)
* Link to in-toto specification in README (551)
* Dependency updates (543, 549)

1.3.1

Not secure
Fixed
* Includes tests in source distribution

1.3.0

Not secure
Added
* ECDSA key type in CLI (520)
* Windows builds in GitHub Actions CI (513)
* Dependabot version monitoring for GitHub Actions (498)

Changed
* Build is now reproducible, thanks to hatchling (490)
* Misc test updates (487, 500, 529)
* Misc docs updates (499, 512, 516, 515, 530)

Removed
* Obsolete test dependency (521)

1.2.0

Not secure
Added
* Python 3.10 support ([480](https://github.com/in-toto/in-toto/pull/480))
* Roadmap review ([463](https://github.com/in-toto/in-toto/pull/463))

Changed
* Bump dependencies: attrs ([482](https://github.com/in-toto/in-toto/pull/482)), cffi ([474](https://github.com/in-toto/in-toto/pull/474)), cryptography ([468](https://github.com/in-toto/in-toto/pull/468), [472](https://github.com/in-toto/in-toto/pull/472), [477](https://github.com/in-toto/in-toto/pull/477), [481](https://github.com/in-toto/in-toto/pull/481)), iso8601 ([476](https://github.com/in-toto/in-toto/pull/476), [478](https://github.com/in-toto/in-toto/pull/478), [479](https://github.com/in-toto/in-toto/pull/479)), pycparser ([475](https://github.com/in-toto/in-toto/pull/475)), pynacl ([483](https://github.com/in-toto/in-toto/pull/483)), securesystemslib ([469](https://github.com/in-toto/in-toto/pull/469))
* Use explicit UTF-8 encoding in open calls ([470](https://github.com/in-toto/in-toto/pull/470))
* Misc. linter changes ([473](https://github.com/in-toto/in-toto/pull/473))
* Update acknowledgment to reflect Purdue ([471](https://github.com/in-toto/in-toto/pull/471))

Removed
* Python 3.6 support ([485](https://github.com/in-toto/in-toto/pull/485))

1.1.1

Not secure
Added
* Added tests that use source and destination prefixes in match rules, courtesy of Brandon Michael Hunter (456)

Changed
* Updated documentation of command alignment during verification workflow (455)
* Started using GitHub-native dependabot (450)
* Bump dependencies: attrs (451), six (452), securesystemslib (453), cffi (457), python-dateutil (458), iso8601 (459), pathspec (460)
* Fixed linter warnings (462)

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.