Add new specifications for distributing non-OCI artifacts and signatures via OCI compliant registries

[yizha1]

Description

This is a successor for feature request #275 to support distributing non-OCI artifacts and signatures via OCI compliant registries, also as described in the 2nd scenario. The new specifications should over:

• Storage of non-OCI artifacts and signatures in OCI compliant registries
• Verification workflow for non-OCI artifacts and signatures in OCI compliant registries

Benefits

• A new set of specifications that support new scenarios for securing software supply chains
• Ensuring compatibility and interoperability between different implementations that built per the new specifications
• Portability of non-OCI artifacts and signatures distributed via OCI compliant registries.

Proposed Solution

Additional Information

N/A