Use Cosign and Sigstore to sign the images that are in the registry

[rcarrata]

• https://github.com/sigstore/cosign#registry-support

Possible Issue: Quay needs to be used, because the OCP Internal registry it's not supported.

[rcarrata]

Added in ACS the possibility to check directly the Cosign Image -> https://openshift-docs-i4nuv2png-kcarmichael08.vercel.app/openshift-acs/master/operating/verify-image-signatures.html#configure-signature-integration_verify-image-signatures

[MoOyeg]

Started this feature- https://github.com/MoOyeg/devsecops-demo.git. I will push when complete.

[rcarrata]

great!!! thanks for your work @MoOyeg++ !!