
better error message when OIDC fails

Open jku opened this issue 3 months ago • 0 comments

Sigstore signing depends on many moving parts and sometimes one of them fails: this is acceptable. Currently projects that embed cosign can look a little bad though when this happens since the error messages don't make it clear what is failing.

A case I've seen multiple times is signing failing on GitHub because the GitHub OIDC provider is malfunctioning. Knowing that this is an issue on the GitHub service would be useful, but currently it says: error signing scorecard results: getting key from Fulcio: fetching ambient OIDC credentials: invalid character 'u' looking for beginning of value (this example is from a ossf/scorecard-action workflow failure).

This fails in auth.ReadIDToken(). My assumption is that the last part of the error comes from the json parser: we could improve this by replacing json errors with something like Invalid identity token response from provider %s.

jku avatar Sep 30 '25 10:09 jku
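As an added illustration of the wrapping suggested in the issue (example code, not sigstore's or cosign's own auth package): a hypothetical readIDToken decodes the provider's token response and converts any JSON decode failure into a provider-named error while keeping the original error reachable through errors.Unwrap. The response field name "value" and the provider label are assumptions for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// tokenResponse is the assumed shape of an ambient OIDC token response,
// e.g. {"value": "<jwt>"}; the field name is an assumption for this example.
type tokenResponse struct {
	Value string `json:"value"`
}

// ProviderError names the provider in the message (as the issue suggests)
// and keeps the underlying decode error available via errors.Unwrap, so
// callers can still match it with errors.As(err, &jsonSyntaxErr).
type ProviderError struct {
	Provider string
	Err      error
}

func (e *ProviderError) Error() string {
	return fmt.Sprintf("invalid identity token response from provider %s: %v", e.Provider, e.Err)
}

func (e *ProviderError) Unwrap() error { return e.Err }

// readIDToken decodes a provider response body. A non-JSON body, such as a
// plain-text "unauthorized" or an HTML error page from a malfunctioning
// provider, is reported as a ProviderError instead of a bare json error.
func readIDToken(provider string, body []byte) (string, error) {
	var resp tokenResponse
	if err := json.Unmarshal(body, &resp); err != nil {
		return "", &ProviderError{Provider: provider, Err: err}
	}
	if strings.TrimSpace(resp.Value) == "" {
		return "", &ProviderError{Provider: provider, Err: errors.New("response contained no token")}
	}
	return resp.Value, nil
}

func main() {
	// Constructed sample: a provider outage that returns a plain-text body.
	_, err := readIDToken("github-actions", []byte("unauthorized"))
	fmt.Println(err)
}
```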