Missing archive GH artifact attestations

[scop]

https://github.com/dependabot/cli/attestations has attestations only for executables within archives, even though the intent in the workflow seems to be to provide them for archives, too:

cli/.github/workflows/release.yml

Lines 40 to 45 in f12cbee

	- uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.3.3
	with:
	subject-path: |
	${{ steps.go_release.outputs.release_asset_dir }}/*
	dependabot-${{ github.ref_name}}-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
	dependabot-${{ github.ref_name}}-${{ matrix.goos }}-${{ matrix.goarch }}.zip

Maybe the archive artifact names in subject-path are not correct?