cosign has quickly become the container signing solution of choice. We should write out an RFC detailing out various integration points with cosign and buildpacks (image signing, sbom attachment, sbom signing) either with pack or the lifecycle directly.