feat: add support for oci1.1 cosign signatures(using referrers) (#1963)

- Cosign supports 2 types of signature formats:

	1. Using tag -> each new signature of the same manifest is
	added as a new layer of the signature manifest having that
	specific tag("{alghoritm}-{digest_of_signed_manifest}.sig")

	2. Using referrers -> each new signature of the same manifest is
	added as a new manifest

- For adding these cosign signature to metadb, we reserved index 0 of the
list of cosign signatures for tag-based signatures. When a new tag-based
signature is added for the same manifest, the element on first position
in its list of cosign signatures(in metadb) will be updated/overwritten.
When a new cosign signature(using referrers) will be added for the same
manifest this new signature will be appended to the list of cosign
signatures.

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>

pkg/storage/local/local_test.go

@@ -2154,6 +2154,15 @@ func TestGarbageCollectForImageStore(t *testing.T) {
 			err = WriteImageToFileSystem(notationSig, repoName, "notation", storeController)
 			So(err, ShouldBeNil)
 
+			// add fake signature for tag1
+			cosignWithReferrersSig := CreateImageWith().
+				RandomLayers(1, 10).
+				ArtifactConfig(common.ArtifactTypeCosign).
+				Subject(img.DescriptorRef()).Build()
+
+			err = WriteImageToFileSystem(cosignWithReferrersSig, repoName, "cosign", storeController)
+			So(err, ShouldBeNil)
+
 			err = gc.CleanRepo(repoName)
 			So(err, ShouldBeNil)
 		})