feat: attest support for Singularity images
Add support for syft attest with Singularity images. Refactor the attestation code to separate the steps to generate and publish the signed attestation.
To test, I'm generating a test image with Singularity, for example:
$ singularity build alpine.sif docker://alpine
...
Then generating a signed attestation with Syft (requires the changes in this PR):
$ syft attest --output syft-json --key cosign.key singularity:alpine.sif > attestation.json
✔ Parsed image
✔ Cataloged packages [14 packages]
And finally, to verify the attestation and scan the SBOM with Grype:
$ grype attestation.json --key cosign.pub
✔ Vulnerability DB [no update available]
✔ Attestation verified
✔ Scanned image [0 vulnerabilities]
No vulnerabilities found
Closes #1193
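To make the verification step above concrete, here is an added example (not code from Syft, Grype or this PR) that shows what a cosign-produced attestation envelope like attestation.json is made of and which bytes the signature actually covers. The envelope, the image digest and the predicateType "https://syft.dev/bom" are all constructed or assumed for illustration; the "signatures" entry is a placeholder, and the ECDSA check against cosign.pub is left to cosign/grype, which is what "Attestation verified" reports.

```python
"""Inspect a DSSE (in-toto) attestation envelope of the kind cosign/syft emit.

Added example, not project code. The sample below is constructed, not real
syft output, and the predicateType is an assumption.
"""
import base64
import json

IN_TOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"
IN_TOTO_STATEMENT_TYPES = (
    "https://in-toto.io/Statement/v0.1",
    "https://in-toto.io/Statement/v1",
)

# Constructed sample: a minimal in-toto Statement whose subject is the
# Singularity image and whose predicate stands in for the syft-json SBOM.
SAMPLE_IMAGE_SHA256 = "ab" * 32  # constructed digest, 64 hex chars
SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://syft.dev/bom",  # assumed, for illustration only
    "subject": [{"name": "alpine.sif", "digest": {"sha256": SAMPLE_IMAGE_SHA256}}],
    "predicate": {"artifacts": [{"name": "musl", "version": "1.2.3-r4", "type": "apk"}]},
}
SAMPLE_ENVELOPE = {
    "payloadType": IN_TOTO_PAYLOAD_TYPE,
    "payload": base64.b64encode(json.dumps(SAMPLE_STATEMENT).encode()).decode(),
    # A real envelope carries an ECDSA signature made with cosign.key.
    "signatures": [{"keyid": "", "sig": base64.b64encode(b"not-a-real-signature").decode()}],
}


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE Pre-Authentication Encoding: the bytes the signer signs and a
    verifier must reconstruct. Folding the type into the signed bytes stops a
    signed payload from being re-labelled as a different kind of document."""
    type_bytes = payload_type.encode()
    return b" ".join([
        b"DSSEv1",
        str(len(type_bytes)).encode(), type_bytes,
        str(len(payload)).encode(), payload,
    ])


def signed_bytes(envelope: dict) -> bytes:
    """The exact bytes the envelope's signatures cover."""
    return pae(envelope["payloadType"], base64.b64decode(envelope["payload"]))


def decode_envelope(envelope: dict) -> dict:
    """Structural checks, then the decoded Statement. Signature verification
    against the public key is deliberately left to cosign/grype."""
    if envelope.get("payloadType") != IN_TOTO_PAYLOAD_TYPE:
        raise ValueError(f"unexpected payloadType {envelope.get('payloadType')!r}")
    if not envelope.get("signatures"):
        raise ValueError("envelope carries no signatures; do not treat it as attested")
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if statement.get("_type") not in IN_TOTO_STATEMENT_TYPES:
        raise ValueError(f"not an in-toto Statement: {statement.get('_type')!r}")
    return statement


def subject_matches(statement: dict, name: str, sha256: str) -> bool:
    """True if the Statement lists `name` with exactly this sha256. Checking
    this against the digest of the image you actually hold stops an SBOM
    signed for one image from being replayed against another."""
    return any(
        s.get("name") == name and s.get("digest", {}).get("sha256") == sha256
        for s in statement.get("subject", [])
    )


if __name__ == "__main__":
    stmt = decode_envelope(SAMPLE_ENVELOPE)
    print(stmt["predicateType"], subject_matches(stmt, "alpine.sif", SAMPLE_IMAGE_SHA256))
    print(signed_bytes(SAMPLE_ENVELOPE)[:48])
```

The point for a consumer of attestation.json is that "verified" must mean two things: the signature over the PAE bytes checks out under the expected public key, and the Statement's subject digest is the digest of the image in hand. Either check alone leaves a gap.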
Hey @tri-adam! I saw all the checks have passed for this - do you want a review or did you have more to add on top of this PR. Noticed it was still in draft, but just wanted to reach out if you needed anything from our end!
Hey @spiffcs, apologies for the slow response... just back from some travel. Just rebased, will push that and then (assuming the tests pass) will request a review. Thanks!
@spiffcs forgot to tag you... ready for a look when you have a chance. Thanks!