Loosen verification predicate type + better error messages

[vaikas]

Summary

Loosen the policy validation restrictions. With the move to strict RFC3986 and the fact that some of the existing attestations out there are still using the non conformant predicate types, allow validating them with non-conformant predicate types.
Also, to aid folks with the 'guess-the-existing-predicate-type' game :) if attestations are found, but they do not match the predicate type that is being looked for, print out the predicates that were found. Hope is that this will make the migration from non conformant predicate types little easier.

Release Note

Documentation

[codecov]

Codecov Report

Merging #2737 (fa59a94) into main (f9d8e5d) will decrease coverage by 0.08%.
The diff coverage is 25.00%.

@@            Coverage Diff             @@
##             main    #2737      +/-   ##
==========================================
- Coverage   29.62%   29.55%   -0.08%     
==========================================
  Files         151      151              
  Lines        9641     9648       +7     
==========================================
- Hits         2856     2851       -5     
- Misses       6348     6358      +10     
- Partials      437      439       +2     

Impacted Files	Coverage Δ
cmd/cosign/cli/verify/verify_attestation.go	3.34% <0.00%> (-0.09%)	⬇️
pkg/policy/attestation.go	31.57% <25.92%> (-6.06%)	⬇️
cmd/cosign/cli/verify/verify_blob_attestation.go	33.48% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[hectorj2f]

lgtm, thanks. I truly believe we need this change in before releasing v2.0.0.

[mattmoor]

Awesome, I think this will be super helpful for folks.

[mattmoor]

cc @priyawadhwa @znewman01 for thoughts on v2

[haydentherapper]

+1 to this, breaking verification for existing attestations is not ideal. This should go in 2.0

[hectorj2f]

Okay. I just talked to @priyawadhwa ✅ . I'm merging this change as it seems everyone approved it.