Adding a Sigstore indicator to dependencies

[robertlagrant]

Proposed Behavior:

Issue to explore DependencyTrack being able to indicate whether a dependency has a Sigstore signature detected. To better cyber risk assess the software supply chain.

See also: https://github.com/CycloneDX/specification/issues/155