Allow to fetch signatures by signed entity.

[dhaus67]

Summary

When using cosign as a dependency and attempting to fetch signatures for a specific signed entity, the signed entity is always fetched from the registry.

In case the signed entity has been fetched previously, it'd be nice to introduce a function similar to the FetchAttestations that allows to fetch signatures from the signed entity directly, without reaching out to the registry to fetch the signed entity beforehand.

With the current changes in the PR, the error will now not include the reference anymore. However, the changes were also made to FetchAttestations in the same way.
If we want to include this information, we may wrap the returned error from FetchAttestations/FetchSignatures with the reference, so the content of the error will stay the same.

Release Note

NONE

[codecov]

Codecov Report

Merging #3007 (12d0241) into main (65eb28a) will decrease coverage by 0.01%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #3007      +/-   ##
==========================================
- Coverage   30.23%   30.23%   -0.01%     
==========================================
  Files         151      151              
  Lines        9478     9480       +2     
==========================================
  Hits         2866     2866              
- Misses       6167     6169       +2     
  Partials      445      445              

Impacted Files	Coverage Δ
pkg/cosign/fetch.go	0.00% <0.00%> (ø)

[github-actions]

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.

[github-actions]

This PR was closed because it has been stalled for 10 days with no activity.

[janisz]

Recreated in #4047