feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint.
- Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately.
- Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly.
- Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.

src/StellaOps.Signer/StellaOps.Signer.WebService/Contracts/SignDsseContracts.cs

@@ -0,0 +1,30 @@
+using System.Collections.Generic;
+using System.Text.Json;
+
+namespace StellaOps.Signer.WebService.Contracts;
+
+public sealed record SignDsseSubjectDto(string Name, Dictionary<string, string> Digest);
+
+public sealed record SignDssePoeDto(string Format, string Value);
+
+public sealed record SignDsseOptionsDto(string? SigningMode, int? ExpirySeconds, string? ReturnBundle);
+
+public sealed record SignDsseRequestDto(
+    List<SignDsseSubjectDto> Subject,
+    string PredicateType,
+    JsonElement Predicate,
+    string ScannerImageDigest,
+    SignDssePoeDto Poe,
+    SignDsseOptionsDto? Options);
+
+public sealed record SignDsseResponseDto(SignDsseBundleDto Bundle, SignDssePolicyDto Policy, string AuditId);
+
+public sealed record SignDsseBundleDto(SignDsseEnvelopeDto Dsse, IReadOnlyList<string> CertificateChain, string Mode, SignDsseIdentityDto SigningIdentity);
+
+public sealed record SignDsseEnvelopeDto(string PayloadType, string Payload, IReadOnlyList<SignDsseSignatureDto> Signatures);
+
+public sealed record SignDsseSignatureDto(string Signature, string? KeyId);
+
+public sealed record SignDsseIdentityDto(string Issuer, string Subject, string? CertExpiry);
+
+public sealed record SignDssePolicyDto(string Plan, int MaxArtifactBytes, int QpsRemaining);