require an explict setting for signer (rekor & fulcio) rather than an implicit default of memory

[bobcallaway]

Description

We've had several users be surprised by the behavior of both rekor & fulcio (as deployed by the helm charts) where the default signer is the memory option - this is nice for testing purposes, but not great for actual deployments where you would want a longer-lived key to be used (via KMS, HSM, etc).

We should remove the implicit default and require users to explicitly select one.