add script to retrospectively sign any artifacts whose signatures are invalid or don't exist
General MR
Summary
This MR adds a pyproject.toml and python script to query a registry and sign all artifacts within the user-provided project using the user-provided key if no signatures are already present and valid. This supports big-bang&102 (closed), as we will need to have signatures on all artifacts before enforcing they have a valid signature by default with Kyvenro/Flux.
NOTE: This script does not get used in any pipelines, so if there is a more appropriate location for this, I can move it.
Relevant logs/screenshots
(Include any relevant logs/screenshots)
Closes #249 (closed)