feat: move cosign to be a built in verifier

[akashsinghal]

Description

What this PR does / why we need it:

• creates new cosign package in verifier package so cosign is a built in verifier
• implements verifier factory and verifier interfaces to be compliant
• deletes cosign plugin implementation (there will be NO changes from a user POV)
• updates go releaser to remove cosign binary publishing and introduces missing vulnerability report binary publishing
• updates all docs/guides to remove plugin cosign reference

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):

Fixes #1299

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

• Test A
• Test B

Checklist:

• Does the affected code have corresponding tests?
• Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
• Does this introduce breaking changes that would require an announcement or bumping the major version?
• Do all new files have appropriate license header?

Post Merge Requirements

• MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

[codecov]

Codecov Report

Attention: Patch coverage is 73.46939% with 39 lines in your changes are missing coverage. Please review.

Project coverage is 65.13%. Comparing base (45c0f81) to head (94349c2).
Report is 35 commits behind head on main.

Files	Patch %	Lines
pkg/verifier/cosign/cosign.go	73.46%	21 Missing and 18 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1343      +/-   ##
==========================================
+ Coverage   61.60%   65.13%   +3.53%     
==========================================
  Files          98      104       +6     
  Lines        6248     5430     -818     
==========================================
- Hits         3849     3537     -312     
+ Misses       2066     1536     -530     
- Partials      333      357      +24     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[susanshi]

LGTM. thanks!

[susanshi]

probably also need to add the sbom verifier here too, but can be different PR.

[akashsinghal]

I think we're already covered? I found a pre-existing SBOM publishing step on Line 24.