Introduce a custom error type to classify errors.

[mattmoor]

When checking signatures and evaluating policy, we may run into errors
for a variety of reasons unrelated to non-compliance, such as the registry
serving a 500. This change introduces an error type that we can use to
produce and wrap errors in a way that we can distinguish between incidental
and verification errors in the calling logic.

After this change, we will be able to write:

verr := &cosign.VerificationError{}
if errors.As(err, &verr) {
   // This is a verification error, handle accordingly.
} else {
  // This is something else, handle differently.
}

Related: sigstore/policy-controller#109

Release Note

Documentation

[codecov-commenter]

Codecov Report

Merging #2114 (31f7f9b) into main (39fb8d6) will increase coverage by 0.05%.
The diff coverage is 74.07%.

@@            Coverage Diff             @@
##             main    #2114      +/-   ##
==========================================
+ Coverage   26.27%   26.33%   +0.05%     
==========================================
  Files         129      130       +1     
  Lines        7582     7588       +6     
==========================================
+ Hits         1992     1998       +6     
  Misses       5333     5333              
  Partials      257      257              

Impacted Files	Coverage Δ
pkg/cosign/verify.go	32.08% <63.15%> (ø)
pkg/cosign/errors.go	100.00% <100.00%> (ø)
pkg/policy/eval.go	78.94% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us.

[vaikas]

This is a good pattern, then we can start adding things like if the issuer/subject or other things are not checking out.