adding keyless way to sign the images

[cpanato]

Summary

• adding keyless way to sign the images

signing the images only for now with keyless because we have an issue when uploading the data to Rekor when trying to sign the blobs. As soon as that is fixed we can add keyless as well to the blobs.

rehearsal release can be found here: https://github.com/cpanato/cosign/releases/tag/v99.999.00-keyless

and the verify works now as well

$ export COSIGN_EXPERIMENTAL=1
$ cosign verify gcr.io/cpanato-general/sget:v99.999.00-keyless

Verification for gcr.io/cpanato-general/sget:v99.999.00-keyless --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - Any certificates were verified against the Fulcio roots.

[{"critical":{"identity":{"docker-reference":"gcr.io/cpanato-general/sget"},"image":{"docker-manifest-digest":"sha256:9a5b6f8686d3b31965290de9ea97dc0b7308925d4a1c58982f1cace4a1791e2a"},"type":"cosign container image signature"},"optional":{"Bundle":{"SignedEntryTimestamp":"MEYCIQDnAdAKGbyGrSAtvNzY7lf+C9Ad88l/NBL4n0gLXwtpUAIhAPaL4dUfDWw+QbVouQZ9kBsx7NF1wTbZCm3o38TteXf2","Payload":{"body":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoicmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYjYyZTJmNjk2ZDllOGY5YjcyOGUyYjRmZTBlNjNkYTFjYjhkZDZlMDJmMzE3NTRiZTAyNWZjMmI4OGVhYjY1In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUURDYmVleXJhZStEanRHdUF2bUowZzltUHVlb1M1Nm9PZ09Wa2I0cEoxSjN3SWdPZHdlcmZOMDJSZjlNU3ZMK0lGYzdLTlF0UmdrNVlHSEJXa0Fqay9hNm84PSIsImZvcm1hdCI6Ing1MDkiLCJwdWJsaWNLZXkiOnsiY29udGVudCI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVU4yYWtORFFXdFhaMEYzU1VKQlowbFZRVXMzUzJKeFlTdGphVFJsTTFONWRIWXljRlZ1WWpWdlpVNDBkME5uV1VsTGIxcEplbW93UlVGM1RYY0tTMnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVrVjNSSGRaUkZaUlVVUkZkMmg2WVZka2VtUkhPWGxhVkVGbFJuY3dlUXBOVkVWNFRWUm5lRTFxVlhwT1ZFNWhSbmN3ZVUxVVJYaE5WR2Q0VFhwRmVrNVVTbUZOUVVGM1YxUkJWRUpuWTNGb2EycFBVRkZKUWtKblozRm9hMnBQQ2xCUlRVSkNkMDVEUVVGU1JrTm5NM1J5YW1oUmQxaEhNQ3RVVDNod1MxVnROMkZ3WjBZMVFUYzJORWxoWVhaclJHRjRVRU5tYkhWNVdraHNhVXhrTDIwS05WbFhWVEJOYURsQ1UwdDJTVTFUYjBsT2RXeExiVkJrZG5KUVRXRnNiRFp2TkVsQ1kxUkRRMEZYTUhkRVoxbEVWbEl3VUVGUlNDOUNRVkZFUVdkbFFRcE5RazFIUVRGVlpFcFJVVTFOUVc5SFEwTnpSMEZSVlVaQ2QwMUVUVUYzUjBFeFZXUkZkMFZDTDNkUlEwMUJRWGRJVVZsRVZsSXdUMEpDV1VWR1FVNDRDak5yYkRGRGJsVlhLMFZRYlhJM2FVcHhZVEUzZDFJMVZFMUNPRWRCTVZWa1NYZFJXVTFDWVVGR1RXcEdTRkZDUW0xcFVYQk5iRVZyTm5jeWRWTjFNVXNLUW5SUWMwMUpSMDVDWjJkeVFtZEZSa0pSWTBKQlVWTkNaMFJDSzAxSWQwZERRM05IUVZGVlJrSjZRVU5vYmtKdlpFaFNkMDlwT0haalNFcHdaRzFHTUFwYVYwNW9URmRPZG1KdVVteGlibEYwVG1wQmVscHRWVE5hVkdOMFRVUkJkMDFETUhsTmFra3pURmRLYlU1NlZYUmFhbEp0VGxkVk5FMUhVWGxQVkZVd0NreHVUakJpTTBwb1dqSlZkVm95T1haYU1uaHNXVmhDY0dONU5XcGlNakIyV1RKRmVrNXRSWGhhVkdzeVRXcFJlVmxxYkcxWk1rbDRUa1JaZGxreVJYVUtXVE5LTUUxRU1FZEJNVlZrUlZGRlFpOTNVWHBOUkVkQ1RESjBiR1ZYZUd4ak0wNUJXVE5DYUdKdFJqQmllVEZ1V2xjMWJHTnRSbk5NYld4b1lsTTFiZ3BqTWxaNVpHMXNhbHBYUm1wWk1qa3hZbTVSZFZreU9YUk5RMnRIUTJselIwRlJVVUpuTnpoM1FWRkZSVWN5YURCa1NFSjZUMms0ZGxsWFRtcGlNMVoxQ21SSVRYVmFNamwyV2pKNGJFeHRUblppVkVGTFFtZG5jV2hyYWs5UVVWRkVRWGRPYmtGRVFtdEJha0pLWTBjcmFVTnlWWEJrUXpBMU5XNTJlWFppVG0wS09HMUpSbEJYTW5GNFNuWkhWVmRETVd4VGQyeG1Oa1oyWjB0T2FtdHFTbEYwVkdOTU9XMVhMMDB4U1VOTlIzZE9NMU5zZEZKeWRTdHFRblIzZUU1M1JBcDBZWGh1ZWtjdlIydGljVlp2WkU0NWQyRkpRVzR3YjJWbGFIaFRUWEJNVG5wbFFVbEdRMGxxT1ZCR1MwSlJQVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0=","integratedTime":1637240034,"logIndex":868418,"logID":"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"}},"GIT_HASH":"2e65400dd16eefae299a5e310abd3f6b618c0bdc","GIT_VERSION":"v99.999.00-keyless","Issuer":"https://accounts.google.com","Subject":"keyless@cpanato-general.iam.gserviceaccount.com"}}]

Ticket Link

Fixes #1055

Release Note

adding keyless way to sign the images