Implement payload validation rules #381
Description
The protocol buffer files in this repo are annotated with AIP-203 field behavior annotations, denoting fields that are marked as required. These annotations are not generally useful for payload validation, as described in AIP-4223:
The reason for this is that the google.api.field_behavior annotation is primarily a machine-readable form of documentation, and not a configuration for payload validation.
In sigstore-go, we've discussed adding additional validation to prevent nil-pointer panics, fail fast, and improve error messages. Ideally, these validation rules could be embedded in the protobuf files as opposed to implemented separately in each client language.
I came across a promising set of libraries designed for adding user-defined constraints to protobuf fields: protovalidate. It has highly-customizable rules and has Go, Java, and Python libraries.
I would like to propose that we add protovalidate annotations to the protobuf files in this repo, or if there are any alternative practices/libraries anybody would like to suggest.