chore: validate images from registry via Pepr (impl)

[btlghrants]

Description

Working through how we might accomplish validating image signatures against pubkeys derived from the OCI registries that serve them.

Relates to #1240

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Other (security config, docs update, etc)

Checklist before merging

• Unit, Journey, E2E Tests, docs, adr added or updated as needed
• Contributor Guide Steps followed

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@types/[email protected]	None	0	8.29 kB	types
npm/[email protected]	network	0	29.9 kB	rubenverborgh
npm/[email protected]	Transitive: environment, filesystem, network, shell	+85	7.94 MB	bdehamer

View full report↗︎

[codecov]

Codecov Report

Attention: Patch coverage is 82.87671% with 25 lines in your changes missing coverage. Please review.

Project coverage is 79.69%. Comparing base (ea99815) to head (f28aeff).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
src/sdk/cosign.ts	81.39%	24 Missing ⚠️
src/sdk/heredoc.ts	94.11%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1262      +/-   ##
==========================================
+ Coverage   79.43%   79.69%   +0.25%     
==========================================
  Files          38       40       +2     
  Lines        1799     1945     +146     
  Branches      391      411      +20     
==========================================
+ Hits         1429     1550     +121     
- Misses        368      393      +25     
  Partials        2        2              

Files with missing lines	Coverage Δ
src/sdk/heredoc.ts	94.11% <94.11%> (ø)
src/sdk/cosign.ts	81.39% <81.39%> (ø)