sign: Include rekor entry ID in output

[stephen-fox]

Summary

cosign's sign* commands currently output a signature's transparency log index number (as of v2.2.4). As an enhancement, it would be helpful if cosign also output the rekor entry ID.

Details

rekor entries can be searched using an index number. However, the index number does not include the log tree (or "shard") ID. These identifiers are created by rekor log sharding.

The rekor entry ID consists of the shard ID and an entry-specific UUID (the latter appears to be the hash of the Merkle tree leaf). Knowing the entry ID allows end users to determine which shard the entry exists in.

It would be helpful to include it in cosign's output for informational and historical purposes.

A quick note on terminology

For those unfamiliar, the use of the term entry ID appears to be relatively recent. The original value was referred to as a "UUID". The rekor-cli still refers to the entry ID as a UUID. The following GitHub issues and pull requests provide some context for this change.

• https://github.com/sigstore/rekor/issues/625
• https://github.com/sigstore/rekor/pull/623
• https://github.com/sigstore/rekor/issues/353
• https://github.com/sigstore/rekor/issues/487

[haydentherapper]

SGTM, would you like to make the change?