sigstore / cosign

Code signing and transparency for containers and binaries
Apache License 2.0

add handling of keyless verification for all verify commands #3761

Open dmitris opened 6 days ago

dmitris commented 6 days ago

Summary

Copy the handling of non-Fulcio keys from the `verify` to all the other verify commands (`verify-attestation`, `verify-blob`, `verify-blob-attestations`).

Currently the large code snippets for the `if keylessVerification(c.KeyRef, c.Sk) {` code are copied verbatim into several files (yikes!) - the intention is to factor this out into a helper function.

Fix #3759.

Release Note

Documentation

TODO - create a corresponding https://github.com/sigstore/docs PR

codecov[bot] commented 6 days ago

Codecov Report

Attention: Patch coverage is 66.66667% with 26 lines in your changes missing coverage. Please review.

Project coverage is 37.05%. Comparing base (2ef6022) to head (4c31442). Report is 146 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| cmd/cosign/cli/verify.go | 40.00% | 9 Missing :warning: |
| cmd/cosign/cli/verify/verify.go | 89.79% | 4 Missing and 1 partial :warning: |
| pkg/oci/static/options.go | 0.00% | 5 Missing :warning: |
| cmd/cosign/cli/verify/verify_blob.go | 40.00% | 2 Missing and 1 partial :warning: |
| cmd/cosign/cli/verify/verify_attestation.go | 0.00% | 2 Missing :warning: |
| cmd/cosign/cli/verify/verify_blob_attestation.go | 0.00% | 1 Missing and 1 partial :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #3761      +/-   ##
==========================================
- Coverage   40.10%   37.05%   -3.05%
==========================================
  Files         155      200      +45
  Lines       10044    12283    +2239
==========================================
+ Hits         4028     4552     +524
- Misses       5530     7183    +1653
- Partials      486      548      +62
```
