This commit adds a new environment variable,
COSIGN_PKCS11_IGNORE_CERTIFICATE, which will skip loading certificates
into a PKCS11 key when set to "1". This is desirable when you want to
sign with a private key that has a certificate associated with it, but
do not want that certificate to be included with the signature for
verification. Certificates are already optional for keys from non-PKCS11
sources via the --certificate command line flag.

Signed-off-by: dylrich <dylan.richardson@mongodb.com>