blue-build/cli

Unclear Cosign Logging

Closed this issue · 1 comments

commands/build.rs's check_cosign_files has some logic errors in its logging I think.

    match env::var(COSIGN_PRIVATE_KEY).ok() {
        Some(cosign_priv_key) if !cosign_priv_key.is_empty() && Path::new(COSIGN_PATH).exists() => {
            // <Signing happens here>
        }
        _ => {
            warn!("{COSIGN_PATH} doesn't exist, skipping cosign file check");
            Ok(())
        }
    }

Even if the file on COSIGN_PATH exists, if the COSIGN_PRIVATE_KEY environment variable isn't set then the log message will say it doesn't exist.

This caused me some headaches whilst setting up container signing, but I'm happy to fix it myself. Just raising this issue so there's some tracking for it.

Yeah I think this should be better. I think instead we can fail right away if both the private and public key aren't available. I'll also add a --no-sign flag to skip over this check and signing the image if the user wants to do it that way.
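The catch-all arm in the snippet above covers three different situations with one message. The following is an added example, not blue-build's code or its eventual fix, that classifies each combination separately so the warning names the real cause. The constant values and the `CosignState`, `classify` and `skip_reason` names are assumptions.

```rust
use std::{env, path::Path};

// Assumed values: the issue names these constants but does not show their definitions.
const COSIGN_PRIVATE_KEY: &str = "COSIGN_PRIVATE_KEY";
const COSIGN_PATH: &str = "./cosign.pub";

/// One variant per distinct cause, instead of a single catch-all arm.
#[derive(Debug, PartialEq)]
enum CosignState {
    Ready,
    KeyUnset,    // env var unset or empty, file present (the case from the issue)
    FileMissing, // env var set, file absent
    BothMissing,
}

/// Pure classifier, so every combination can be tested without touching the environment.
fn classify(priv_key: Option<&str>, file_exists: bool) -> CosignState {
    let key_set = priv_key.map_or(false, |k| !k.is_empty());
    match (key_set, file_exists) {
        (true, true) => CosignState::Ready,
        (false, true) => CosignState::KeyUnset,
        (true, false) => CosignState::FileMissing,
        (false, false) => CosignState::BothMissing,
    }
}

/// Warning text that names the actual cause; None when signing can go ahead.
fn skip_reason(state: &CosignState) -> Option<String> {
    let cause = match state {
        CosignState::Ready => return None,
        CosignState::KeyUnset => format!("{COSIGN_PRIVATE_KEY} is unset or empty"),
        CosignState::FileMissing => format!("{COSIGN_PATH} doesn't exist"),
        CosignState::BothMissing => {
            format!("{COSIGN_PRIVATE_KEY} is unset or empty and {COSIGN_PATH} doesn't exist")
        }
    };
    Some(format!("{cause}, skipping cosign file check"))
}

fn main() {
    let key = env::var(COSIGN_PRIVATE_KEY).ok();
    let state = classify(key.as_deref(), Path::new(COSIGN_PATH).exists());
    match skip_reason(&state) {
        Some(msg) => eprintln!("WARN {msg}"),
        None => println!("cosign prerequisites present"),
    }
}
```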