
source track: create a "levels" table for the source track #1111

Open
zachariahcox opened this issue Aug 14, 2024 · 1 comment

Comments

zachariahcox commented Aug 14, 2024

The source-requirements document should have a table mapping out the responsibilities of the organization / producer and the "source platform" (a combination of standard modern developer tools).

LGTM, I think this looks good for this draft. One other thing that I think we might want to include is a bit more clarity around the separation of concerns between the code management/review tools like Gerrit, GitHub, GitLab, and the usage of those tools, e.g. a repo with a particular set of rules on GitHub.

In the build track I think we do a reasonable job of saying your build tool should have these features, and when using them you must make sure that you take advantage of those features. I think that could be done with a table similar to the one here https://slsa.dev/spec/v1.0/requirements#build-levels that splits Producer from Build Platform. It is unclear from the current open issues whether this would be covered.

Originally posted by @mlieberman85 in #1097 (review)

zachariahcox commented Aug 14, 2024

https://slsa.dev/spec/v1.0/requirements#provenance-generation

In the current draft, only "source level 3" has any provenance attestation to speak of, so theoretically all of "exists", "authentic", and "unforgeable" should be true only for level 3?
