Add configurable containerd level Sigstore container image signing requirements

[BobyMCbobs]

Suggestion

I'd like to be able to deploy a cluster which can only run workloads signed by a small selection of custom authorities (e.g kubernetes/release, Siderolabs, cert-manager, Cilium and my own keys).

Ideally I'd love to have offline binary-level authorization but this is the next best thing for today like macOS's Gatekeeper, GKE's Binary Authorization or santa.

Background

In Sigstore, there's the policy-controller project which works great for the most part but is too userland-y and needs Kubernetes ValidatingWebhook to function. It is rather slow and doesn't do caching.
Out of this project comes tester (aka policy-tester) which returns 0/1 whether an image matches a ClusterImagePolicy declaration.

containerd has an ImageVerifier plugin which calls a set of binaries in a specified folder which expect specific arguments. Once all the programs return 0, the images are pulled and cached on the node.

Progress

Today I wrote a small shim to connect containerd to policy-tester with the ImageVerifier plugin here: https://github.com/BobyMCbobs/containerd-image-verifier-sigstore and a Talos extension to install policy-tester and containerd-image-verifier-sigstore.

Uncertainties

1. Not all images are signed

talosctl images default | xargs -I{} sh -c 'echo {}; cosign verify --certificate-oidc-issuer-regexp='.*' --certificate-identity-regexp='.*' -o text {}' sh

though, this is mitigated by caching and signing the images using a self-hosted registry.

2. If a ClusterImagePolicy is specified outta the box with the Talos Extension and all default images are signed, workloads will not run unless the default ClusterImagePolicy is updated

though, this should be resolved if configs are replaced.