Add --signing-algorithm flag

[ret2libc]

Summary

Give the user the option to choose which signing algorithm to use when generating keypairs (#3271).

Code based on #4050 .

Release Note

Documentation

[ret2libc]

Shall we add the --signing-algorithm to the verify/verify-blob commands as well?

[haydentherapper]

Do we need a client algorithm registry for the sign path? There are roughly three places the client interacts with a key: Generation, signing, and verification.

For generation, it makes sense that the client specify which algorithms are supported for the generated key. This can be for both ephemeral and long-lived key generation.

For the verification path, supported algorithms could be a part of the verification policy, so that makes sense to allow a user to specify a set of trusted algorithms.

For signing, I'm not sure it's needed. When a key is provided, the user is specifying that's the key they want to use (whether it was generated ephemerally or self-managed). The backend (fulcio or rekor) could choose to reject it, which will be surfaced as a response error.

[haydentherapper]

Overall LGTM, I'll need to do a deep dive once this is out of draft but overall this seems solid. Can we add e2e tests that exercise generation, signing and verification?

[codecov]

Codecov Report

Attention: Patch coverage is 34.84163% with 144 lines in your changes missing coverage. Please review.

Project coverage is 36.28%. Comparing base (2ef6022) to head (06bafda).
Report is 363 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/cosign/keys.go	33.33%	43 Missing and 3 partials ⚠️
cmd/cosign/cli/sign/sign.go	6.97%	40 Missing ⚠️
cmd/cosign/cli/sign/sign_blob.go	43.85%	27 Missing and 5 partials ⚠️
pkg/cosign/tlog.go	46.15%	14 Missing ⚠️
cmd/cosign/cli/options/signblob.go	0.00%	5 Missing ⚠️
...cosign/cli/fulcio/fulcioverifier/fulcioverifier.go	0.00%	3 Missing ⚠️
pkg/signature/keys.go	71.42%	2 Missing ⚠️
cmd/cosign/cli/signblob.go	0.00%	1 Missing ⚠️
internal/pkg/cosign/common.go	83.33%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3497      +/-   ##
==========================================
- Coverage   40.10%   36.28%   -3.82%     
==========================================
  Files         155      210      +55     
  Lines       10044    13916    +3872     
==========================================
+ Hits         4028     5050    +1022     
- Misses       5530     8232    +2702     
- Partials      486      634     +148     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.