UNCLASSIFIED - NO CUI


implement IRSA for cosign

Rob McCarthy requested to merge cosign-irsa into master

Description

Related to modules MR ironbank-modules!46 (merged) which removes the AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID CI var dependencies.

Adds KUBERNETES_SERVICE_ACCOUNT_OVERWRITE: sign to harbor.yaml. The IRSA for supporting this was completed via Terraform in https://repo1.dso.mil/ironbank-tools/infra/ironbank-bootstrap/-/merge_requests/1190

Risk

Risk of all container signatures breaking for one cycle once we bump IB_MODULES_TAG to include this MR.

Rollback Plan

The user with access to the KMS key still exists in our AWS account, so it will simply be a matter of reverting the IB_MODULES_TAG and restoring the COSIGN_AWS_ACCESS_KEY_ID and COSIGN_AWS_SECRET_ACCESS_KEY CI vars under /dsop.

Testing

This was tested in Mario and also in the pipelines-runner-dev project.
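
A pre-flight check a signing job could run before invoking cosign, as an added example (not code from this MR or from the ironbank modules): it fails if any of the static key variables named in the description is still set, and confirms the pod carries a web identity token for the `sign` service account. It assumes the standard `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` variables injected by the EKS pod identity webhook; `check_irsa`, `jwt_payload` and `make_sample_token` are hypothetical helper names, and the sample token is constructed.

```shell
#!/bin/sh
# Added example: confirm a signing job is using IRSA rather than static keys.
# Assumption: the EKS pod identity webhook injects AWS_ROLE_ARN and
# AWS_WEB_IDENTITY_TOKEN_FILE for pods running as the target service account.

# Print the decoded payload (second segment) of the JWT stored in file $1.
jwt_payload() {
    seg=$(cut -d. -f2 < "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in   # restore the padding that base64url strips
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
    esac
    printf '%s' "$seg" | base64 -d 2>/dev/null
}

# check_irsa <service-account>: 0 if the environment looks like IRSA for that
# account; otherwise a distinct non-zero code and a reason on stderr.
# This is a configuration sanity check; STS still verifies the token signature.
check_irsa() {
    want_sa=$1
    for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY \
             COSIGN_AWS_ACCESS_KEY_ID COSIGN_AWS_SECRET_ACCESS_KEY; do
        eval "val=\${$v:-}"
        if [ -n "$val" ]; then
            echo "static credential $v is still set" >&2; return 2
        fi
    done
    case ${AWS_ROLE_ARN:-} in
        arn:aws*:iam::*:role/*) ;;
        *) echo "AWS_ROLE_ARN missing or malformed" >&2; return 3 ;;
    esac
    if [ ! -s "${AWS_WEB_IDENTITY_TOKEN_FILE:-}" ]; then
        echo "web identity token file missing or empty" >&2; return 4
    fi
    # The projected token's "sub" is system:serviceaccount:<namespace>:<name>.
    sub=$(jwt_payload "$AWS_WEB_IDENTITY_TOKEN_FILE" |
          sed -n 's/.*"sub" *: *"\([^"]*\)".*/\1/p')
    case $sub in
        system:serviceaccount:*:"$want_sa") return 0 ;;
        *) echo "token subject '$sub' is not $want_sa" >&2; return 5 ;;
    esac
}

# Constructed sample token for offline testing: $1 = namespace, $2 = account.
make_sample_token() {
    body=$(printf '{"sub":"system:serviceaccount:%s:%s"}' "$1" "$2" |
           base64 | tr -d '=\n' | tr '/+' '_-')
    printf 'e30.%s.constructed-signature\n' "$body"
}
```

Calling `check_irsa sign` as the first step of the signing job turns a leftover CI variable or a missing service account binding into an immediate, labelled failure instead of a signing error later in the pipeline.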
