Kurator Artifact Signing Implementation

[Xieql]

What would you like to be added:

An increasing number of cloud-native initiatives are integrating cosign for artifact signing and verification. It would be beneficial to have Kurator images signed with it.

Why is this needed

It would aid in implementing supply chain security practices for users.

[hzxuzhonghu]

We need not just cosign, we should analyze the SLSA requirements. And list the whole tasks we need to do