Add Rekor and Trillian as BB sandbox packages

Project

We will grant permissions to submit the proposal

Name: Add Rekor and Trillian as BB sandbox packages (https://docs.sigstore.dev/logging/installation/)

Desired Initial Maturity Level (Sandbox, Incubating, Graduated): Sandbox

Problem Statement (i.e. problem you wan to solve): IronBank team wants to deploy their own signing backend to record the history of every container and artifact we sign with cosign.

Description: Rekor is a service that cosign talks to under the hood which provides an immutable, tamper-resistant ledger of signing history and Trillian is a backend log service used by Rekor. These are under-the-hood pieces that cosign talks to when signing artifacts and IronBank wants to run our own instance so that we can keep our own records.

Initial Members:

• Riley O'Donnell @riley.odonnell