Upload to cds enhancements

Description

• In the upload-to-cds job, the signed image is verified using cosign before it is uploaded to the CDS S3 bucket

  • If the verification fails, the job will exit and the image will not be uploaded to S3

• Since cosign verify does not work in staging, this step will be skipped.

• Tested this in prod with the Pipeline Runners Dev Repo

  • https://repo1.dso.mil/dsop/ironbank-pipelines/pipelines-runner-dev/-/jobs/32091849

Risk

Rollback Plan

Testing