fix: add enhanced error messages for failing verification with TUF targets

[asraa]

Fixes #2588

This adds some detailed erorr messages when a matching Rekor/CT key is not found for a target or when certificate chain validation fails. This points users to checking their TUF roots or giving the alternative to set a custom trusted key.

Note: I cannot do this validation before actually inspecting the artifact that needs to be validated, so these errors are inside the verification stack (and not at TUF target collection)

Signed-off-by: Asra Ali asraa@google.com

Summary

Release Note

Documentation

[codecov-commenter]

Codecov Report

Merging #2589 (89ea82a) into main (59921bb) will increase coverage by 0.03%.
The diff coverage is 81.25%.

@@            Coverage Diff             @@
##             main    #2589      +/-   ##
==========================================
+ Coverage   30.80%   30.84%   +0.03%     
==========================================
  Files         144      144              
  Lines        8736     8741       +5     
==========================================
+ Hits         2691     2696       +5     
  Misses       5654     5654              
  Partials      391      391              

Impacted Files	Coverage Δ
pkg/cosign/tlog.go	39.19% <0.00%> (ø)
pkg/cosign/verify_sct.go	50.58% <85.71%> (+3.08%)	⬆️
pkg/cosign/verify.go	39.41% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.