Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)

(podman push) and (podman manifest push) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.

That notably adds support for Fulcio and Rekor signing.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

docs/source/markdown/podman-manifest-push.1.md.in

@@ -49,6 +49,11 @@ Delete the manifest list or image index from local storage if pushing succeeds.
 
 Sign the pushed images with a “simple signing” signature using the specified key. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
+#### **--sign-by-sigstore**=*param-file***
+
+Add a sigstore signature based on further options specified in a containers sigstore signing parameter file *param-file*.
+See containers-sigstore-signing-params.yaml(5) for details about the file format.
+
 #### **--sign-by-sigstore-private-key**=*path*
 
 Sign the pushed images with a sigstore signature using a private key at the specified path. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)

docs/source/markdown/podman-push.1.md.in

@@ -87,6 +87,11 @@ Discard any pre-existing signatures in the image.
 
 Add a “simple signing” signature at the destination using the specified key. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
 
+#### **--sign-by-sigstore**=*param-file***
+
+Add a sigstore signature based on further options specified in a containers sigstore signing parameter file *param-file*.
+See containers-sigstore-signing-params.yaml(5) for details about the file format.
+
 #### **--sign-by-sigstore-private-key**=*path*
 
 Add a sigstore signature at the destination using a private key at the specified path. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)