feat: support OCI image manifest

[patrickzheng200]

This PR adds OCI image manifest support to notation CLI according to this spec.

If using OCI artifact manifest to store signatures, notation requires the registry to support Referrers API as well.

Tested with [COSE, JWS] + [OCI artifact manifest, OCI image manifest] on ACR.

This PR would also resolve issue.

[codecov-commenter]

Codecov Report

Merging #509 (65f2fcb) into main (8d52989) will increase coverage by 0.30%.
The diff coverage is 37.77%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main     #509      +/-   ##
==========================================
+ Coverage   36.50%   36.81%   +0.30%     
==========================================
  Files          29       30       +1     
  Lines        1504     1581      +77     
==========================================
+ Hits          549      582      +33     
- Misses        936      978      +42     
- Partials       19       21       +2     

Impacted Files	Coverage Δ
cmd/notation/sign.go	42.00% <25.00%> (-1.68%)	⬇️
cmd/notation/registry.go	16.19% <34.84%> (+16.19%)	⬆️
cmd/notation/verify.go	27.27% <50.00%> (ø)
internal/slices/slices.go	100.00% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[shizhMSFT]

LGTM

[priteshbandi]

Code LGTM with pending flag name discussion. For merge, I would suggest wait for that discussion to conclude and then based on it update the flag name.

[patrickzheng200]

The current build would fail due to dependency change in notation-go: notaryproject/notation-go#271

Please review notaryproject/notation-go#271 first.

[patrickzheng200]

Dependency updated. PR ready to be reviewed/merged.

[shizhMSFT]

LGTM

[priteshbandi]

LGTM, you will need to resolve conflict before change can be merged