feat: add cosign keyless support to trust policy

[akashsinghal]

Description

What this PR does / why we need it:

This PR adds keyless verification support to new Trust Policy in cosign verifier.
New support includes:

• Custom Rekor server URL (if no value provided, defaults to sigstore's public good rekor instance)
• Transparency log verification config boolean for transparency log verification for keyless and keyed verificaiton
• New keyless section in the trust policy config
  • Certificate transparency log verification boolean for choosing if you want to validate Securet Certificate Timestamp presence in the Certificate Transparency Log.
  • cert OIDC issuer and Regular expression configs (one must be provided and this is enforced)
  • cert Identity and regular expression configs (one must be provided and this is enforced)
    Adds new summary section to extensions field of the verifier report. This contains a list of string statements on what exact verifications were performed (claims verified, public key used, annotation checked, etc.)

Updates tests to now manually turn off transparency log verification

Accompanying dos PR: ratify-project/ratify-web#80

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):

Fixes #1323

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

• Test A
• Test B

Checklist:

• Does the affected code have corresponding tests?
• Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
• Does this introduce breaking changes that would require an announcement or bumping the major version?
• Do all new files have appropriate license header?

Post Merge Requirements

• MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

[codecov]

Codecov Report

Attention: Patch coverage is 82.00000% with 18 lines in your changes missing coverage. Please review.

Project coverage is 68.63%. Comparing base (2fa97fb) to head (dc47952).
Report is 5 commits behind head on dev.

Files	Patch %	Lines
pkg/verifier/cosign/cosign.go	83.33%	7 Missing and 5 partials ⚠️
pkg/verifier/cosign/trustpolicy.go	78.57%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##              dev    #1503      +/-   ##
==========================================
+ Coverage   68.15%   68.63%   +0.47%     
==========================================
  Files         119      119              
  Lines        6139     6201      +62     
==========================================
+ Hits         4184     4256      +72     
+ Misses       1561     1557       -4     
+ Partials      394      388       -6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[susanshi]

Thanks for the PR Akash! looks great overall, i left some questions.

[akashsinghal]

TODO: add more test coverage to hit 80% patch coverage

[susanshi]

LGTM. thanks!