add script to retrospectively sign any artifacts whose signatures are invalid or don't exist

General MR

Summary

This MR adds a pyproject.toml and python script to query a registry and sign all artifacts within the user-provided project using the user-provided key if no signatures are already present and valid. This supports big-bang&102 (closed), as we will need to have signatures on all artifacts before enforcing they have a valid signature by default with Kyvenro/Flux.

NOTE: This script does not get used in any pipelines, so if there is a more appropriate location for this, I can move it.

Relevant logs/screenshots

(Include any relevant logs/screenshots)

Closes #249 (closed)