Only upload sigstore signatures to the sigstore tag schema
... not to registries with X-R-S-S (that would immediately fail, when uploading to such a registry, with no opt-out), and not to lookaside (that would work if users set up lookaside).
Before this PR, if the image had any non-sigstore signatures, we would upload both the non-sigstore and sigstore signatures to lookaside.
@mheon @TomSweeneyRedHat PTAL. The bug has been that way for 2.5 years. I think the combination of required circumstances (an image must have both kinds of signatures, and the user must have configured lookaside, not use of sigstore tags, while somehow requiring sigstore signatures) makes it unlikely that users would rely on it, but I can’t quite rule it out.