chore: add PyPI stub

Signed-off-by: Ben Selwyn-Smith <[email protected]>

Author: benmss

src/macaron/slsa_analyzer/analyzer.py

@@ -1011,8 +1011,19 @@ def get_artifact_hash(
             return maven_registry.get_artifact_hash(purl, hash_algorithm)
 
         if purl.type == "pypi":
-            # TODO implement
-            return None
+            # pypi_registry = next(
+            #    (
+            #        package_registry
+            #        for package_registry in PACKAGE_REGISTRIES
+            #        if isinstance(package_registry, PyPIRegistry)
+            #    )
+            # )
+            # if not pypi_registry:
+            #    return None
+
+            # Create PyPIJsonAsset (requires component changes from PR 982)
+
+            pass
 
         logger.debug("Purl type '%s' not yet supported for GitHub attestation discovery.", purl.type)
         return None