Add InsecureIgnoreSCT field to the keyless authorities

[hectorj2f]

Summary

InsecureIgnoreSCT flag in cosign cli was not supported in the policy-controller. There wasn't a way to specific this type of behavior for the keyless authorities. Therefore, we decided to add a new API field to handle SCT.

closes to: #505

Release Note

Documentation

[codecov-commenter]

Codecov Report

Merging #511 (ae4decf) into main (5449c8b) will decrease coverage by 0.17%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main     #511      +/-   ##
==========================================
- Coverage   56.38%   56.21%   -0.17%     
==========================================
  Files          42       42              
  Lines        4441     4454      +13     
==========================================
  Hits         2504     2504              
- Misses       1737     1747      +10     
- Partials      200      203       +3     

Impacted Files	Coverage Δ
...g/apis/policy/v1alpha1/clusterimagepolicy_types.go	0.00% <ø> (ø)
pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go	12.52% <0.00%> (-0.13%)	⬇️
...kg/apis/policy/v1beta1/clusterimagepolicy_types.go	0.00% <ø> (ø)
pkg/apis/policy/v1beta1/zz_generated.deepcopy.go	19.62% <0.00%> (-0.32%)	⬇️
pkg/webhook/validator.go	61.78% <0.00%> (-0.17%)	⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[vaikas]

This one is indeed a bit tricky to test since Fulcio will upload to CTLog unless a special flag is given, so I can't think of a good way to really test this here.
Ideally, we'd do:

• Sign but skip the CTLog (can't do this with cosign today, you can ignore verifying, but Fulcio will upload)
• Have the policy that does not specify this new flag, should fail
• update policy to have insecureSkip and should pass.

Just jotting this down.