Add trusted publishing and provenance metrics #95
Description
It'd be very useful to be able to list the packages which don't have provenance.
We could have a stricter mode of that where it lists those without trusted/oidc publishing too.
Basically, I imagine some kind of --trusted-publisher=provenance / --trusted-publisher=oidc setting we can turn on
The node modules inspector already visualises this so the logic probably exists somewhere there.