sigstore / model-transparency

Supply chain security for ML
Apache License 2.0

Add support for using a private Sigstore stack #208

Open font opened 3 weeks ago

font commented 3 weeks ago

Description

Some use-cases involve standing up a private instance of the Sigstore stack as users do not want to upload private data to the public good instance (PGI). For these cases, we need to support the signing of models using a private Sigstore stack of at least the Rekor transparency log, but could also include a private instance of a Fulcio CA for a private keyless auth flow.

haydentherapper commented 3 weeks ago

This should be straightforward to add, as sigstore-python supports providing URLs for the Rekor and Fulcio instances, along with either a URL for the TUF repo or a trusted root file.

haydentherapper commented 3 weeks ago

Here are more details: https://github.com/sigstore/sigstore-python?tab=readme-ov-file#configuring-a-custom-root-of-trust-byo-pki
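To make the "private stack needs its own root of trust" point concrete, here is an added example (not code from the issue, from model-transparency or from sigstore-python) of a fail-closed resolver for the settings the comment above lists: Rekor URL, Fulcio URL, and either a TUF repository URL or a trusted root file. It assumes a hypothetical private Rekor at `rekor.internal.example`, a constructed `trusted_root.json` with placeholder key material, and uses the top-level field names of the Sigstore TrustedRoot JSON encoding; it does not call sigstore-python's API, so the actual client wiring is left to the library.

```python
import json
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Endpoints of the public-good instance (PGI).
PGI_FULCIO_URL = "https://fulcio.sigstore.dev"
PGI_REKOR_URL = "https://rekor.sigstore.dev"


class StackConfigError(ValueError):
    """Raised when a requested stack configuration is unsafe or inconsistent."""


@dataclass(frozen=True)
class SigstoreStackConfig:
    fulcio_url: str
    rekor_url: str
    tuf_repo_url: Optional[str] = None   # TUF repository serving the root of trust
    trusted_root: Optional[dict] = None  # parsed trusted_root.json contents

    @property
    def is_private(self) -> bool:
        # Any endpoint that is not the PGI one means we are talking to a private stack.
        return (self.fulcio_url, self.rekor_url) != (PGI_FULCIO_URL, PGI_REKOR_URL)


def _require_https(name: str, url: str) -> str:
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.netloc:
        raise StackConfigError(f"{name} must be an https:// URL, got {url!r}")
    return url.rstrip("/")


def _parse_trusted_root(text: str) -> dict:
    try:
        root = json.loads(text)
    except json.JSONDecodeError as exc:
        raise StackConfigError(f"trusted root is not valid JSON: {exc}") from exc
    # Top-level field names of the Sigstore TrustedRoot JSON encoding.
    for key in ("mediaType", "tlogs", "certificateAuthorities"):
        if key not in root:
            raise StackConfigError(f"trusted root lacks required field {key!r}")
    return root


def resolve_stack(
    rekor_url: Optional[str] = None,
    fulcio_url: Optional[str] = None,
    tuf_repo_url: Optional[str] = None,
    trusted_root_json: Optional[str] = None,
) -> SigstoreStackConfig:
    """Pick PGI or private endpoints; refuse private endpoints without their own root of trust."""
    rekor = _require_https("Rekor URL", rekor_url or PGI_REKOR_URL)
    fulcio = _require_https("Fulcio URL", fulcio_url or PGI_FULCIO_URL)

    if tuf_repo_url and trusted_root_json:
        raise StackConfigError("give either a TUF repository URL or a trusted root file, not both")

    tuf = _require_https("TUF repository URL", tuf_repo_url) if tuf_repo_url else None
    trusted_root = _parse_trusted_root(trusted_root_json) if trusted_root_json else None
    cfg = SigstoreStackConfig(fulcio, rekor, tuf, trusted_root)

    # The PGI root of trust cannot verify a private log's checkpoints or a private CA's
    # certificates, so a private stack with no root of trust of its own is rejected outright.
    if cfg.is_private and tuf is None and trusted_root is None:
        raise StackConfigError("private Rekor/Fulcio endpoints need a TUF repo or trusted root file")

    if trusted_root is not None:
        # Consistency check: the log we will submit to must be one the trusted root describes.
        known_logs = {t.get("baseUrl", "").rstrip("/") for t in trusted_root["tlogs"]}
        if rekor not in known_logs:
            raise StackConfigError(f"trusted root does not describe a Rekor instance at {rekor}")
    return cfg


def rejects(**kwargs) -> bool:
    """True if resolve_stack refuses the given arguments (checks the fail-closed behaviour)."""
    try:
        resolve_stack(**kwargs)
    except StackConfigError:
        return True
    return False


# Constructed sample trusted_root.json for a hypothetical private Rekor; key bytes are placeholders.
PRIVATE_TRUSTED_ROOT_JSON = json.dumps({
    "mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1",
    "tlogs": [{
        "baseUrl": "https://rekor.internal.example",
        "hashAlgorithm": "SHA2_256",
        "publicKey": {"rawBytes": "PLACEHOLDER_BASE64_KEY", "keyDetails": "PKIX_ECDSA_P256_SHA_256"},
        "logId": {"keyId": "PLACEHOLDER_BASE64_LOG_ID"},
    }],
    "certificateAuthorities": [],
})

if __name__ == "__main__":
    print(resolve_stack())
    print(resolve_stack(rekor_url="https://rekor.internal.example",
                        trusted_root_json=PRIVATE_TRUSTED_ROOT_JSON))
```

The resolver lets the Fulcio endpoint stay on the PGI while Rekor is private, which matches the minimal deployment the issue describes; what it never does is silently fall back to the public instance when the private configuration is incomplete, since that is exactly the data-leakage case the private stack exists to prevent.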