
Support for Sigstore Bundle Specification

Open codysoyland opened this issue 2 months ago • 2 comments

Description

Policy-Controller currently supports verification of attestations/signatures generated using cosign sign/cosign attest, which attach signatures/attestations using the process described in the Cosign Signature Specification. In summary, this signature attachment scheme utilizes a tag-based discovery mechanism where an image manifest (OCI Image Manifest V1) is created to reference a specific image digest, and each layer references a payload in either the Simple Signing (application/vnd.dev.cosign.simplesigning.v1+json) format or the DSSE (application/vnd.dsse.envelope.v1+json) format. Other data needed to perform verification is stored in annotations on the layer descriptor.

A newer specification for storing Sigstore Bundles has been accepted, which utilizes the OCI 1.1 Manifest Referrers API to attach Sigstore Bundles as referring artifacts to an image, which simplifies the storage/retrieval of attestations/signatures and enables use of the newer generation of Sigstore clients (e.g. sigstore-js, sigstore-python, and sigstore-go) to verify Sigstore Bundles. cosign currently lacks that ability, but there are plans to support it in the future. Additionally, GitHub Artifact Attestations attach Sigstore Bundles following the spec, and Policy-Controller is currently unable to verify these attestations.

I would like to add support for verifying image signatures/attestations using the new bundle spec in Policy-Controller. In order to do so without breaking existing usage, I propose we add a signatureFormat property to the Authority type, which could be one of [legacy, bundle] and would default to legacy. When the authority has the property signatureFormat: bundle, the controller would take an alternative code path which would implement the Sigstore Bundle spec to look up the attestations and verify them using sigstore-go. I am preparing a branch which implements the above scheme, and I hope to open a PR in the coming days.

codysoyland · May 06 '24 21:05
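The legacy scheme described in the issue (a tag derived from the image digest, a manifest whose layers are Simple Signing or DSSE payloads, verification material in layer annotations) and the proposed `signatureFormat` switch are shown below in a small Go example. This is an added illustration, not code from policy-controller or from the issue author. It assumes the Cosign Signature Specification's tag convention (`sha256:<hex>` becomes `sha256-<hex>.sig`, `.att` for attestations) and its `dev.cosignproject.cosign/signature` annotation key; the `legacy`/`bundle` values mirror the proposal in the issue, and the manifest, digests and signature string are constructed placeholders. The code only validates the shape of a legacy signature manifest; cryptographic verification of the payloads is out of scope here.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Payload media types named in the issue (Cosign Signature Specification), plus the
// annotation that carries the base64 signature on a simplesigning layer.
const (
	MediaTypeSimpleSigning = "application/vnd.dev.cosign.simplesigning.v1+json"
	MediaTypeDSSE          = "application/vnd.dsse.envelope.v1+json"
	AnnotationSignature    = "dev.cosignproject.cosign/signature"
)

// SignatureFormat mirrors the Authority property proposed in the issue.
type SignatureFormat string

const (
	FormatLegacy SignatureFormat = "legacy"
	FormatBundle SignatureFormat = "bundle"
)

// ParseSignatureFormat applies the proposed default: an unset value means legacy.
func ParseSignatureFormat(s string) (SignatureFormat, error) {
	switch SignatureFormat(s) {
	case "", FormatLegacy:
		return FormatLegacy, nil
	case FormatBundle:
		return FormatBundle, nil
	}
	return "", fmt.Errorf("unknown signatureFormat %q (want legacy or bundle)", s)
}

// Descriptor and Manifest are the subsets of the OCI types needed here.
type Descriptor struct {
	MediaType   string            `json:"mediaType"`
	Digest      string            `json:"digest"`
	Size        int64             `json:"size"`
	Annotations map[string]string `json:"annotations,omitempty"`
}

type Manifest struct {
	SchemaVersion int          `json:"schemaVersion"`
	MediaType     string       `json:"mediaType"`
	Layers        []Descriptor `json:"layers"`
}

// SignatureTag derives the tag the legacy scheme uses to find signatures for an
// image digest: "sha256:<hex>" becomes "sha256-<hex>.sig" (".att" for attestations).
func SignatureTag(digest, suffix string) (string, error) {
	algo, hex, ok := strings.Cut(digest, ":")
	if !ok || algo == "" || hex == "" {
		return "", fmt.Errorf("malformed digest %q", digest)
	}
	return algo + "-" + hex + suffix, nil
}

// Payload is one signature/attestation layer plus its signature annotation.
type Payload struct {
	Digest, MediaType, Signature string
}

// ParseSignatureManifest rejects any layer that is not one of the two payload
// formats and any simplesigning layer without a signature annotation (DSSE
// envelopes carry their signatures inside the payload, so none is required).
func ParseSignatureManifest(raw []byte) ([]Payload, error) {
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, fmt.Errorf("decode manifest: %w", err)
	}
	if len(m.Layers) == 0 {
		return nil, errors.New("signature manifest has no layers")
	}
	out := make([]Payload, 0, len(m.Layers))
	for i, l := range m.Layers {
		switch l.MediaType {
		case MediaTypeSimpleSigning, MediaTypeDSSE:
		default:
			return nil, fmt.Errorf("layer %d: unsupported media type %q", i, l.MediaType)
		}
		sig := l.Annotations[AnnotationSignature]
		if l.MediaType == MediaTypeSimpleSigning && sig == "" {
			return nil, fmt.Errorf("layer %d: missing %s annotation", i, AnnotationSignature)
		}
		out = append(out, Payload{Digest: l.Digest, MediaType: l.MediaType, Signature: sig})
	}
	return out, nil
}

// sampleManifest is a constructed legacy signature manifest (not a real one):
// one simplesigning layer and one DSSE layer; digests and signature are placeholders.
const sampleManifest = `{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "layers": [
    {"mediaType": "application/vnd.dev.cosign.simplesigning.v1+json",
     "digest": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
     "size": 250, "annotations": {"dev.cosignproject.cosign/signature": "PLACEHOLDER-BASE64-SIG"}},
    {"mediaType": "application/vnd.dsse.envelope.v1+json",
     "digest": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
     "size": 1024}
  ]
}`

func main() {
	tag, _ := SignatureTag("sha256:3333333333333333333333333333333333333333333333333333333333333333", ".sig")
	fmt.Println("legacy discovery tag:", tag)
	payloads, err := ParseSignatureManifest([]byte(sampleManifest))
	if err != nil {
		fmt.Println("reject:", err)
		return
	}
	for _, p := range payloads {
		fmt.Printf("%s %s sig=%q\n", p.MediaType, p.Digest, p.Signature)
	}
}
```

An authority with `signatureFormat: bundle` would skip `SignatureTag` and `ParseSignatureManifest` entirely and instead query the OCI 1.1 Referrers API for bundle artifacts, which is the alternative code path the issue proposes.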