This commit adds a new environment variable, COSIGN_PKCS11_IGNORE_CERTIFICATE, which will skip loading certificates into a PKCS11 key when set to "1". This is desirable when you want to sign with a private key that has a certificate associated with it, but do not want that certificate to be included with the signature for verification. Certificates are already optional for keys from non-PKCS11 sources via the --certificate command line flag. Signed-off-by: dylrich <dylan.richardson@mongodb.com>
8b366c4