require environment variables for cosign object
Description
cosign objects will require the following CI variables to be present which will allow us to move away from the hard-coded paths in GitLab:
KMS_KEY_SHORT_ARN
COSIGN_CERT
COSIGN_PUBLIC_CERT
COSIGN_PUBLIC_KEY
COSIGN_CERTIFICATE_CHAINRisk
If the variables aren't added to GitLab CI vars then there can be resultant failures in image verification and signing.
Rollback Plan
Roll forward with the fix identified, or roll back to prior commit
Testing
Tested in IL5 production: ubi9-il5-test, downstream-test projects additionally tested in IL2 prod w/cds edge-case: https://repo1.dso.mil/dsop/ironbank-pipelines/pipelines-runner-dev/-/pipelines/2988421