Currently, the README (and the PyPI docs) show using pypi-attestations verify to verify dists from PyPI. This downloads them into a tmp dir and throws them away. But what if I wanted to keep the dist? I think it'd be useful to have an option that places the verified dir into a target directory before getting rid of the tmp dir.

I can imagine a scenario where I'd want to verify a dist and then pip install it. It seems reasonable to me to keep the dist on disk in such case.

Although, when installing trees of deps, I'd probably still have to pip download everything, pypi-attestations verify each and then pip install --no-index from that wheelhouse.

Thoughts?