Cosign verification support

[migmartri]

The tool could be able to verify the cosign signature of the source container images and Helm Charts both using an explicit public key provided as part of the configuration or via a rekor transparent log instance.

NOTE: Be aware that the container image verification could be implemented by relok8s itself and exposed through it's API vmware-tanzu/asset-relocation-tool-for-kubernetes#140

cc/ @tompizmor

[tompizmor]

Somehow I missed this issue when you create it.
Yes, it would be a nice feature!