pub fn verify(receipt_path: String, root: Option<String>) -> Result<Value>
Verify a provenance receipt against its signing key. Fail-closed: a missing key, malformed receipt, or bad signature yields is_valid: false.
is_valid: false