SigstoreKey: Handle import errors like Signer

Note that this still raises VerificationError just like before
(and not UnsupportedLibraryError like Signers do).

Author: jku

securesystemslib/signer/_sigstore_signer.py

@@ -65,7 +65,10 @@ def verify_signature(self, signature: Signature, data: bytes) -> None:
             from sigstore.models import Bundle
             from sigstore.verify import Verifier
             from sigstore.verify.policy import Identity
+        except ImportError as e:
+            raise VerificationError(IMPORT_ERROR) from e
 
+        try:
             verifier = Verifier.production()
             identity = Identity(
                 identity=self.keyval["identity"], issuer=self.keyval["issuer"]