Push images faster

[jonjohnsonjr]

This PR contains two changes that should make publishing faster.

The first is bumping ggcr to pull in google/go-containerregistry#1633. This allows us to use the new remote.Pusher API, which better handles deduplication of token handshakes, blob uploads, and manifest uploads concurrently and safely.

The second is bumping cosign to pull in sigstore/cosign#2878. This allows users to set SOURCE_DATE_EPOCH in order to get reproducible SBOMs, which allows us to skip uploading them and also avoids generating a ton of unused SBOMs when re-uploading the same thing (e.g. in a tight development loop).

For a NOP ko build --platform=all (taking advantage of both SOURCE_DATE_EPOCH and KO_CACHE), we finish in ~1/4 the time.

Before:

SOURCE_DATE_EPOCH=$(git log -1 --format='%ct') KO_CACHE=~/tmp/ko = ko build .  21.06s user 12.85s system 163% cpu 20.781 total

After:

SOURCE_DATE_EPOCH=$(git log -1 --format='%ct') KO_CACHE=~/tmp/ko = ko build .  18.65s user 12.37s system 575% cpu 5.391 total

Even in non-NOP cases, the publisher leg should be quite a bit faster, but I am too lazy to measure those.