fix: Updating policy.json to properly verify images

[gmpinder]

We need to look into some workflow to handle properly verifying images before rebasing on a signed keyless image.

• https://www.mankier.com/5/containers-policy.json#Examples
• https://github.com/bsherman/ublue-custom/blob/main/.github/workflows/build.yml#L181-L191
• https://github.com/sigstore/root-signing/blob/main/repository/repository/root.json
• https://github.com/sigstore/sigstore/tree/main/pkg/tuf/repository/targets