feat: add support for oci1.1 cosign signatures(using referrers) (#1963)

- Cosign supports 2 types of signature formats:

	1. Using tag -> each new signature of the same manifest is
	added as a new layer of the signature manifest having that
	specific tag("{alghoritm}-{digest_of_signed_manifest}.sig")

	2. Using referrers -> each new signature of the same manifest is
	added as a new manifest

- For adding these cosign signature to metadb, we reserved index 0 of the
list of cosign signatures for tag-based signatures. When a new tag-based
signature is added for the same manifest, the element on first position
in its list of cosign signatures(in metadb) will be updated/overwritten.
When a new cosign signature(using referrers) will be added for the same
manifest this new signature will be appended to the list of cosign
signatures.

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>

pkg/common/common.go

@@ -27,6 +27,7 @@ const (
 	// same value as github.com/notaryproject/notation-go/registry.ArtifactTypeNotation (assert by internal test).
 	// reason used: to reduce zot minimal binary size (otherwise adds oras.land/oras-go/v2 deps).
 	ArtifactTypeNotation = "application/vnd.cncf.notary.signature"
+	ArtifactTypeCosign   = "application/vnd.dev.cosign.artifact.sig.v1+json"
 )
 
 var cosignTagRule = regexp.MustCompile(`sha256\-.+\.sig`)