Implement ledger metrics for observability and add tests for Ruby packages endpoints

- Added `LedgerMetrics` class to record write latency and total events for ledger operations.
- Created comprehensive tests for Ruby packages endpoints, covering scenarios for missing inventory, successful retrieval, and identifier handling.
- Introduced `TestSurfaceSecretsScope` for managing environment variables during tests.
- Developed `ProvenanceMongoExtensions` for attaching DSSE provenance and trust information to event documents.
- Implemented `EventProvenanceWriter` and `EventWriter` classes for managing event provenance in MongoDB.
- Established MongoDB indexes for efficient querying of events based on provenance and trust.
- Added models and JSON parsing logic for DSSE provenance and trust information.

ops/mongo/indices/events_provenance_indices.js

@@ -0,0 +1,33 @@
+// Index 1: core lookup – subject + kind + Rekor presence
+db.events.createIndex(
+  {
+    "subject.digest.sha256": 1,
+    "kind": 1,
+    "provenance.dsse.rekor.logIndex": 1
+  },
+  {
+    name: "events_by_subject_kind_provenance"
+  }
+);
+
+// Index 2: compliance gap – by kind + verified + Rekor presence
+db.events.createIndex(
+  {
+    "kind": 1,
+    "trust.verified": 1,
+    "provenance.dsse.rekor.logIndex": 1
+  },
+  {
+    name: "events_unproven_by_kind"
+  }
+);
+
+// Index 3: generic Rekor index scan – for debugging / bulk audit
+db.events.createIndex(
+  {
+    "provenance.dsse.rekor.logIndex": 1
+  },
+  {
+    name: "events_by_rekor_logindex"
+  }
+);