Commit cd23e07

Authored by Ian Lewis

chore: Fix markdown issues (#3658)
# Summary

Fix a couple small issues with markdown files.

- Add alt text to images
- Fix table row

Fixes a couple issues in an upcoming version of markdown lint
https://github.com/slsa-framework/slsa-github-generator/pull/3643/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5

## Testing Process

N/A

## Checklist

- [x] Review the contributing [guidelines](https://github.com/slsa-framework/slsa-github-generator/blob/main/CONTRIBUTING.md)
- [x] Add a reference to related issues in the PR description.
- [x] Update documentation if applicable.
- [x] Add unit tests if applicable.
- [x] Add changes to the [CHANGELOG](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) if applicable.

Signed-off-by: Ian Lewis <[email protected]>
1 parent 0d22a38 commit cd23e07

File tree

2 files changed

+3
-3
lines changed


README.md

Lines changed: 1 addition & 1 deletion
@@ -6,7 +6,7 @@
66
[![Slack](https://img.shields.io/static/v1?label=openssf.slack.com&message=%23slsa-tooling&color=4A154B&logo=slack)](https://slack.openssf.org/)
77
[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)
88

9-
<img align="right" src="https://slsa.dev/images/logo-mono.svg" width="140" height="140">
9+
<img alt="SLSA logo" align="right" src="https://slsa.dev/images/logo-mono.svg" width="140" height="140">
1010

1111
<!-- markdown-toc --bullets="-" -i README.md -->
1212

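Review bot: the new `alt="SLSA logo"` on line 9 satisfies the image-alt-text lint rule (markdownlint's MD045/no-alt-text, which is presumably the rule the commit message refers to), and "SLSA logo" is an appropriate short description for a decorative badge-style image; one small follow-up would be to name that rule in the commit message instead of the bare link to the lint PR, so the reason for the change survives if the linked diff anchor changes.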
SPECIFICATIONS.md

Lines changed: 2 additions & 2 deletions
@@ -234,7 +234,7 @@ Given an artifact and a signed provenance, we perform the following steps:
234234

235235
3. **Extract the builder identity from the signing certificate**: Extract certificate information (see [here](https://github.com/sigstore/fulcio/blob/c74e2cfb763dd32def5dc921ff49f579fa262d96/docs/oid-info.md#136141572641--fulcio) for extension OIDs). Verify that the signing certificate’s subject name (job_workflow_ref) is the trusted builder ID at a trusted hash (calling repository SHA in the diagram below). This verifies authenticity of the provenance and guarantees the provenance was correctly populated.
236236

237-
<img src="images/cert.svg" width="70%" height="70%">
237+
<img alt="certificate OIDs" src="images/cert.svg" width="70%" height="70%">
238238

239239
4. **Verify the provenance attestation against a policy, as usual**: Parse the authenticated provenance and match the subject digest inside the provenance with the artifact digest. Additionally verify builder ID, configSource, and other properties according to policy.
240240

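Review bot: the alt text `certificate OIDs` on line 237 fixes the lint finding but is terser than the prose relies on: step 3 on line 235 points readers to "the diagram below" for the calling repository SHA and the job_workflow_ref subject, so a screen-reader user gets none of that from "certificate OIDs" alone. Suggest an alt such as "Fulcio signing certificate extensions showing the builder job_workflow_ref and calling repository SHA" so the image carries the same information the verification step references.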
@@ -277,7 +277,7 @@ More specifically, below are a list of threats we aim to protect against:
277277
| Build same repo same version but non-default branch | Branch and versions both added to provenance using GitHub's trigger payload | Verify provenance info |
278278
| Build same repo different builder | Sigstore embeds trusted builder's path in cert | Verify cert's workflow path |
279279
| Build same repo using user-defined workflow | Sigstore embeds builder's path in cert | Verify cert's workflow path |
280-
| Forge valid certificate with different repo/hash/builder through GitHub token leak | Token expires when job is complete, cleared after unmarshalling |
280+
| Forge valid certificate with different repo/hash/builder through GitHub token leak | Token expires when job is complete, cleared after unmarshalling | |
281281
| Malicious env variables | Only accepts `CGO_*` and `GO*` env variables | Note: should be left to the verifier to decide |
282282
| Script injections | Filter option names using allow-list + use execve() | Note: should be left to the verifier to decide |
283283
| Malicious compiler options | Use allow-list | Note: should be left to the verifier to decide |
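Review bot: adding the trailing empty cell on line 280 brings the row to the three columns every other row in the table has, which is the correct fix for the table-row lint error, but it leaves the third column (what the verifier checks) blank where every neighbouring row states a verifier action or a note. Consider filling it, even with a short note that the mitigation is entirely builder-side (token lifetime and clearing after unmarshalling) and there is no corresponding verifier check, so the empty cell reads as intentional rather than as a still-missing entry.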

0 commit comments
