feat(db): sign db artifact with cosign

[ShubhamPalriwala]

Closes #205

Introduces cosign as a signing artifact tool to sign our DB on the GHCR. The signatures are pushed to a new repo, "trivy-db-signatures" to avoid populating the db CR with signatures.

Before merging, the following steps are needed to be performed by the maintainer:

1. Install cosign and generate a public-private key pair with the command

cosign generate-key-pair

2. Add the cosign.pub in our repo as cosign.pub in main dir (so that our users can fetch it to verify the builds)

3. The password used to generate the key pair shooul be stored as:
   GitHub Repo secret
   key: COSIGN_PRIVATE_KEY_PASSWORD
   value:

4. And the provate key generated should be stored as:
   GitHub Repo secret:
   key: COSIGN_PRIVATE_KEY
   value:
   make sure there's not an empty line at the end.

And after merging the PR and the signature being pushed, make the repo trivy-db-signatures public.

[ShubhamPalriwala]

@knqyf263 Can you please take a look at this and let me know if I have to make any changes?