
feat: support keyless signing of Goreleaser images

Part of #24

Adds support for cosign to perform keyless signing of Goreleaser images.

This follows the recent change to use keyless signing on Docker images: https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/docker.md#signing-and-verification

GitLab provides some documentation on using this: https://docs.gitlab.com/ee/ci/yaml/signing_examples.html

A downstream example of this change in action in the pmv project, with binary artefacts and Docker images signed with this change: pmv!432 (merged)

Example of this goreleaser signing in action: https://gitlab.com/gitlab-com/gl-infra/pmv/-/jobs/7631498351

Edited by Andrew Newdigate
