Merge pull request from GHSA-8gw7-4j42-w388

* wip

Signed-off-by: Asra Ali <[email protected]>

more tests

Signed-off-by: Asra Ali <[email protected]>

finish tests

Signed-off-by: Asra Ali <[email protected]>

Add explicit testcase for failure in verifytlogentry

Signed-off-by: Asra Ali <[email protected]>

add testing for invalid provided bundle fails

Signed-off-by: Asra Ali <[email protected]>

update

Signed-off-by: Asra Ali <[email protected]>

address hayden comments

Signed-off-by: Asra Ali <[email protected]>

update

Signed-off-by: Asra Ali <[email protected]>

* fix: verify RekorBundle payload references blob

Co-authored-by: Cody Soyland <[email protected]>
Co-authored-by: Asra Ali <[email protected]>

* Add test for invalid blob signature causing error

Signed-off-by: Hayden Blauzvern <[email protected]>

* Add tests for checking identity flags

Signed-off-by: Hayden Blauzvern <[email protected]>

* address bob's comment

Signed-off-by: Asra Ali <[email protected]>

* add comment on intoto multisig

Signed-off-by: Asra Ali <[email protected]>

Signed-off-by: Asra Ali <[email protected]>
Signed-off-by: Hayden Blauzvern <[email protected]>
Co-authored-by: Cody Soyland <[email protected]>
Co-authored-by: Hayden Blauzvern <[email protected]>