Cosign verification support #139
Description
The tool could be able to verify the cosign signature of the source container images and Helm Charts both using an explicit public key provided as part of the configuration or via a rekor transparent log instance.
NOTE: Be aware that the container image verification could be implemented by relok8s itself and exposed through it's API vmware-tanzu/asset-relocation-tool-for-kubernetes#140
cc/ @tompizmor