Add beginner quickstart and local receipt drift verification

[chrismaz11]

Motivation

• Make the action and repo easy for beginners to use with a copy/paste 2-minute quickstart and plain-English explanation of "artifact drift".
• Allow local, offline verification against a saved receipt or raw SHA-256 fingerprint so users can detect drift without calling the API.
• Surface clear, human-readable SUCCESS/FAILURE messages (and consistent outputs) so CI logs and the local app show whether an artifact matches its receipt.

Description

• Rewrote README.md with a 2-minute copy/paste workflow, concise explanation of "artifact drift", expected logs, and a local receipt example.
• Added an optional receipt input in action.yml and made api_base_url/api_key conditional so the action can run in either API mode or local receipt-check mode.
• Implemented local receipt verification in src/index.js (and dist/index.js) that parses receipt JSON or a raw SHA-256 string, compares the computed file SHA-256 to the receipt hash, sets outputs (verification_id, status, receipt_id, receipt_signature), and prints clear messages: ✔ Artifact matches receipt. Integrity verified. or ✖ Artifact drift detected. File no longer matches original receipt.
• Expanded and updated scripts/test-local.js to cover API verification, receipt success, receipt drift (non-failing), and receipt drift (failing); added docs/troubleshooting.md and updated .gitignore to ignore .trustsignal/.

Testing

• Ran npm run build successfully to copy src/index.js to dist/index.js.
• Ran npm run validate:local (which runs node --check checks and node scripts/test-local.js) and it passed, with the test harness printing Local action contract test passed.
• Local tests exercise both API-mode (mocked) success and local receipt-mode success and drift paths, and assertions for expected outputs/messages all passed.

---

Codex Task