verify-attestation should support --platform argument

[querti]

Per my understanding, the use of SBOMs was deprecated and should be replaced by attestations. However, the verification of multiarch image attestations can be highly misleading for the end user. Comparison: SBOMs:

cosign download sbom registry/repo/image:tag

This multiarch image does not have an SBOM attached at the index level.
Try using --platform with one of the following architectures:
linux/amd64, linux/arm64, linux/ppc64le

Error: no SBOM found attached to image index

attestations:

cosign verify-attestation registry/repo/image:tag

Error: no matching attestations:

I see two issues with this:

1. The user is not notified that attestations exist for the arch images
2. The user cannot specify the architecture whose attestation they want to get (with SBOMs this was possible with --platform argument)

The only way to get a multiarch image attestation is to specify the image via digest (if that even occurs to a user, since no hint was given). I don't think it's reasonable to expect this from the end users.