
cosign sign `--allow-insecure-registry` does not behave as expected over http/https proxy

Open jkk-intel opened this issue 2 years ago • 0 comments

Description

Having `--allow-insecure-registry` should work for BOTH insecure and secure registries (as the name suggests, "allow"). If the `--allow-insecure-registry` flag is set, cosign will fail to resolve DNS even for secure registries (e.g. myregistry.azurecr.io).

e.g.

```
$ export HTTP_PROXY="mycorp.proxy.com"
$ export HTTPS_PROXY="mycorp.proxy.com"
$ cosign sign --key=cosign.key "myregistry.azurecr.io/my-image:some-tag"
Pushing signature to: myregistry.azurecr.io/my-image:some-tag
# WORKS !

$ export HTTP_PROXY="mycorp.proxy.com"
$ export HTTPS_PROXY="mycorp.proxy.com"
$ cosign sign --key=cosign.key --allow-insecure-registry "myregistry.azurecr.io/my-image:some-tag"
Error: signing [myregistry.azurecr.io/my-image:some-tag@sha256]: accessing image: Get "https://myregistry.azurecr.io/v2/": dial tcp: lookup myregistry.azurecr.io: no such host
main.go:74: error during command execution: signing [myregistry.azurecr.io/my-image:some-tag@sha256]: accessing image: Get "https://myregistry.azurecr.io/v2/": dial tcp: lookup myregistry.azurecr.io: no such host
# FAILS
```

Version

```
GitVersion:    v2.0.2
GitCommit:     871448050b924a7946ebe47678f23aae09ef432d
GitTreeState:  clean
BuildDate:     2023-04-24T17:31:42Z
GoVersion:     go1.20.3
Compiler:      gc
Platform:      darwin/amd64
```

jkk-intel, Sep 29 '23 05:09
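
The failing run above ends in a local DNS lookup (`dial tcp: lookup ... no such host`) rather than a connection to the proxy. The following is an added example, not cosign's code and not part of the original issue, showing one way a Go client ends up there: a hand-built `http.Transport` with TLS verification disabled has a nil `Proxy` field and ignores `HTTPS_PROXY`, while a clone of `http.DefaultTransport` keeps proxy support. That cosign builds its transport this way is an assumption, and the function names are hypothetical.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/url"
	"os"
)

// bareInsecureTransport (hypothetical) builds a transport from scratch: TLS
// verification is off, but Proxy stays nil, so HTTP(S)_PROXY is never read.
func bareInsecureTransport() *http.Transport {
	return &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // "insecure registry" mode
	}
}

// clonedInsecureTransport (hypothetical) starts from http.DefaultTransport,
// which sets Proxy: http.ProxyFromEnvironment, and changes only the TLS setting.
func clonedInsecureTransport() *http.Transport {
	tr := http.DefaultTransport.(*http.Transport).Clone()
	tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	return tr
}

// proxyFor reports which proxy tr would use for target. A nil result means a
// direct dial, which requires resolving the registry host locally.
func proxyFor(tr *http.Transport, target string) (*url.URL, error) {
	if tr.Proxy == nil {
		return nil, nil
	}
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return nil, err
	}
	return tr.Proxy(req)
}

func main() {
	os.Setenv("HTTPS_PROXY", "mycorp.proxy.com") // proxy value from the issue
	target := "https://myregistry.azurecr.io/v2/" // URL from the error message
	for _, c := range []struct {
		name string
		tr   *http.Transport
	}{{"bare", bareInsecureTransport()}, {"cloned", clonedInsecureTransport()}} {
		p, err := proxyFor(c.tr, target)
		fmt.Printf("%-6s proxy=%v err=%v\n", c.name, p, err)
	}
}
```

On a network where only the proxy can resolve external names, the transport that reports no proxy fails with the same `no such host` error seen in the issue.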