The existing Rego included when running ec init policies is fairly basic. We should include something with a little more detail - particularly something that verifies attestations.
Some potential places to look for inspiration include:
input.imageinput.attestationsA/C:
ec init policies generates a Rego file that checks an image's attestations.