Rebase on Fedora 41

[samhclark]

Closes #9

Upgrade to Fedora 41. That part was pretty easy, mostly just ending the removal of gnome-nautilus-terminal and bumping the version everywhere.

While I'm at it, this add some config and instructions to allow this to be used as a verified registry.

Thought this would be a good time while I was doing the rebasing, although in retrospect, now that I know it was a two-stage rebase, that was probably not a good way to structure this.

[samhclark]

Something odd in that cosign output is that the identity.docker-reference and image.docker-manifest-digest are listed twice. Signed twice. Both with the same type cosign container image signature

[samhclark]

Maybe related? Doesn't quite seem related because the image seems signed. But just the Skopeo doesn't think so.

https://github.com/ublue-os/main/issues/643#issuecomment-2384184467

[samhclark]

https://github.com/containers/image/blob/main/docs/containers-registries.d.5.md#:~:text=If%20disabled%2C%20the%20images%20are%20treated%20as%20if%20no%20attachments%20exist

Maybe need to make a /etc/containers/registries.d dir and a 50-docker.yaml inside it? So that skopeo knows to download sigstore attachments? https://www.answeroverflow.com/m/1209192000599892019

[samhclark]

https://www.answeroverflow.com/m/1209192000599892019 here, that looks weird. I didn't think that OIDC signing was broken, I thought that the names of things was weird though. Note to self in case I'm ever giving this a shot.

More references:

https://github.com/containers/image/issues/2027

https://github.com/containers/image/pull/2235