whatsrc: Added live-bootstrap provenance data
kpcyrd
kpcyrd at archlinux.org
Sat Aug 31 18:51:26 UTC 2024
Dear list,
I've added live-bootstrap <https://github.com/fosslinux/live-bootstrap>
to the list of distros I import. On the following page:
https://whatsrc.org/artifact/sha256:b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30
It now lists that this source code is considered `zlib 1.2.13` in
live-bootstrap; it was also seen in Gentoo, Guix, openSUSE and Wolfi OS.
From their readme, live-bootstrap's objective is:
> How can a usable Linux system be created with only human-auditable,
> and wherever possible, human-written, source code?
They also have a note about pre-processed source code archives:
> GNU Guix is currently the furthest along project to automate
> bootstrapping. However, there are a number of non-auditable files used
> in many of their packages. Here is a list of file types that we deem
> unsuitable for bootstrapping.
> [...]
> 2. Any pre-generated configure scripts, or Makefile.in’s from autotools.
I did find instances of source code inputs that seem to be autotools
pre-processed:
libffi 3.3:
https://whatsrc.org/artifact/sha256:72fba7922703ddfa7a028d513ac15a85c8d54c8d67f55fa5a4802885dc652056
curl 8.5.0:
https://whatsrc.org/artifact/sha256:42ab8db9e20d8290a3b633e7fbb3cec15db34df65fd1015ef8ac1e4723750eeb
But I strongly agree with the overall stance.
In total, the following vendors are currently present in the database:
- alpine
- archlinux
- crates.io (partial)
- debian
- fedora
- gentoo
- guix
- homebrew
- kali
- live-bootstrap
- opensuse
- registry.yarnpkg.com (partial)
- ubuntu
- void
- wolfi
- yocto
cheers,
kpcyrd
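As an added illustration (not code from the post, from whatsrc or from live-bootstrap), here is a small checker that applies the live-bootstrap criterion quoted above to a source tarball: it flags a `configure` carrying the autoconf generation banner and a `Makefile.in` carrying the automake banner, which is the kind of pre-processed input the libffi and curl tarballs mentioned above contain. The banner strings are the ones autoconf and automake actually write; the sample archive is constructed inline.

```python
import io
import re
import tarfile

# Banner strings that GNU autoconf / automake write into generated files.
# Assumption: matching these banners is what marks an archive as
# "autotools pre-processed" in the sense of the live-bootstrap note.
AUTOCONF_MARKER = re.compile(rb"Generated by GNU Autoconf")
AUTOMAKE_MARKER = re.compile(rb"generated by automake", re.IGNORECASE)


def find_pregenerated_autotools(tar_bytes: bytes) -> list[str]:
    """Return member paths that look like autotools outputs: a `configure`
    written by autoconf or a `Makefile.in` written by automake."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf:
            if not member.isfile():
                continue
            base = member.name.rsplit("/", 1)[-1]
            if base not in ("configure", "Makefile.in"):
                continue
            f = tf.extractfile(member)
            if f is None:
                continue
            head = f.read(64 * 1024)  # banners sit in the first few lines
            marker = AUTOCONF_MARKER if base == "configure" else AUTOMAKE_MARKER
            if marker.search(head):
                hits.append(member.name)
    return sorted(hits)


def make_tar(files: dict[str, bytes]) -> bytes:
    """Build an in-memory tar.gz from a path->contents mapping (test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: hand-written configure.ac / Makefile.am next to the
# pre-generated configure / Makefile.in that a release tarball would ship.
SAMPLE = make_tar({
    "foo-1.0/configure.ac": b"AC_INIT([foo], [1.0])\nAC_OUTPUT\n",
    "foo-1.0/configure": b"#! /bin/sh\n# Generated by GNU Autoconf 2.71 for foo 1.0.\n",
    "foo-1.0/Makefile.am": b"bin_PROGRAMS = foo\n",
    "foo-1.0/Makefile.in": b"# Makefile.in generated by automake 1.16.5 from Makefile.am.\n",
    "foo-1.0/src/main.c": b"int main(void) { return 0; }\n",
})
```

Running `find_pregenerated_autotools` over a real release tarball gives the list of files a bootstrap would have to regenerate from `configure.ac` and `Makefile.am` rather than trust as shipped.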