sigstore / protobuf-specs

Protocol Buffer specifications
Apache License 2.0

Implement payload validation rules #381

Open codysoyland opened 3 months ago

codysoyland commented 3 months ago

The protocol buffer files in this repo are annotated with AIP-203 field behavior annotations, denoting fields that are marked as required. These annotations are not generally useful for payload validation, as described in AIP-4223:

The reason for this is that the google.api.field_behavior annotation is primarily a machine-readable form of documentation, and not a configuration for payload validation.

In sigstore-go, we've discussed adding additional validation to prevent nil-pointer panics, fail fast, and improve error messages. Ideally, these validation rules could be embedded in the protobuf files as opposed to implemented separately in each client language.

I came across a promising set of libraries designed for adding user-defined constraints to protobuf fields: protovalidate. It has highly customizable rules and has Go, Java, and Python libraries.

I would like to propose that we add protovalidate annotations to the protobuf files in this repo, or if there are any alternative practices/libraries anybody would like to suggest.
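
The failure mode discussed above, as an added example that is not part of the original issue and is not sigstore-go or protovalidate code: required-field rules declared once on the message types and enforced by a single generic check, so a missing nested message is reported with its field path before any code dereferences it. The struct types and the `validate:"required"` tag are hypothetical stand-ins for generated protobuf structs and schema annotations.

```go
package main

import (
	"fmt"
	"reflect"
)

// Hypothetical stand-ins for generated protobuf structs (not the real
// sigstore types): message fields are pointers, so absent ones decode to nil.
type Certificate struct {
	RawBytes []byte `validate:"required"`
}
type VerificationMaterial struct {
	Certificate *Certificate `validate:"required"`
}
type Bundle struct {
	MediaType            string                `validate:"required"`
	VerificationMaterial *VerificationMaterial `validate:"required"`
}

// MissingRequired returns the dotted path of every unset required field.
func MissingRequired(msg interface{}) []string {
	var missing []string
	walk(reflect.ValueOf(msg), "", &missing)
	return missing
}

func walk(v reflect.Value, prefix string, missing *[]string) {
	for v.Kind() == reflect.Ptr && !v.IsNil() {
		v = v.Elem()
	}
	if v.Kind() != reflect.Struct {
		return
	}
	for i := 0; i < v.NumField(); i++ {
		f, fv := v.Type().Field(i), v.Field(i)
		empty := fv.IsZero() || (fv.Kind() == reflect.Slice && fv.Len() == 0)
		if f.Tag.Get("validate") == "required" && empty {
			*missing = append(*missing, prefix+f.Name)
			continue // do not descend into an absent message
		}
		walk(fv, prefix+f.Name+".", missing)
	}
}

func main() {
	// Constructed input: the certificate message was omitted by the sender.
	b := &Bundle{MediaType: "example", VerificationMaterial: &VerificationMaterial{}}
	fmt.Println(MissingRequired(b))
}
```

Without the check, reading `b.VerificationMaterial.Certificate.RawBytes` on this input panics with a nil-pointer dereference; with it, the caller gets the path of the missing field instead.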

loosebazooka commented 3 months ago

Yeah, I wouldn't mind removing sigstore-java's custom validator.