Bump github.com/containers/image/v5 from 5.23.1 to 5.24.0

[dependabot]

Bumps github.com/containers/image/v5 from 5.23.1 to 5.24.0.

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.24.0

Now supports both creating and verifying sigstore signatures that use Fulcio and Rekor. A New API for signing images during copy. docker-archive: now can read non-seekable streams. Improved error messages for registry errors.

• Introduce oci/{archive,layout}.ImageNotFoundError
• Don't use any default path fallbacks if the user specified a path
• Introduce signature/sigstore.NewSigner
• Introduce signature/simplesigning.NewSigner
• Add pkg/cli/sigstore
• Add functional-option NewPRSigstoreSigned
• Add signature/sigstore.GenerateKeyPair
• Avoid confusion about 404 on lookaside
• Heuristically warn about lookaside servers serving HTML
• Add a limit for the total number of signatures in lookaside
• Update the public.ecr.aws error with current data
• Add a test for isManifestUnknownError
• Consolidate handleErrorResponse calls to registryHTTPResponseToError
• Discard any but the first element of errcode.Errors
• Add more detailed error tests
• Make invalid HTTP bodies unwrappable as unexpectedHTTPResponseError
• Use registryHTTPResponseToError on /tags/list failure
• Simplify error messages using the default error text
• Use registryHttpResponseToError in many more places
• set directory transport destination as thread-safe
• Recognize invalid error responses of registry.redhat.io
• Make the pseudo-config used in sigstore attachments a bit more valid
• Convert TestSignatureStorageBaseURL to table-based
• Don't call net/url.URL.Parse when we mean net/url.Parse
• Rename all "url" variables to something else
• Fix documentation comment of the stubs package
• Simplify ociReference.getManifestDescriptor
• Simplify ociReference.getManifestDescriptor a bit
• Fix typos
• Remove unnecessary conversions
• Actually test the caller-requested function
• Remove ineffective assignments
• Fix an always-true condition
• Fix unordered list formatting in containers-policy.json(5)
• docker/reference: reduce regex compilations
• docker/reference/regexp.go: constify strings
• docker/reference.literal: return QuoteMeta directly
• docker/reference.expression: use strings.Join()
• Run (gofmt -s)
• Don't incorrectly report success on failure paths
• Clarify the semantics of the optional.creator field in simple signature payload
• Call x509.SystemCertPool directly instead of tlsconfig.SystemCertPool
• Remove sockets.DialerFromEnvironment

... (truncated)

Commits

• a3252d0 Release v5.24.0
• ed23a00 Merge pull request #1810 from mtrmac/generate-sigstore-key
• 187ad35 Add signature/sigstore.GenerateKeyPair
• c42c14f Merge pull request #1808 from containers/renovate/github.com-containers-stora...
• add3202 fix(deps): update module github.com/containers/storage to v1.45.3
• 24781db Merge pull request #1778 from mtrmac/fulcio-verification
• 23774f5 Add support for Fulcio and Rekor to sigstoreSigned
• 5158076 Add functional-option NewPRSigstoreSigned
• e88a98f Add tests to reject neither of keyPath / keyData being set
• ab3bfee Split sigstore configuration parsing and API into separate files
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)