`--output` global directive does not work as intended in gamma release branch

[Gregory-Pereira]

Havent been looked to see if this is an issue in beta branch but when I add the --output directive to a cosign sign call it doesnt give any logs to the output file, wether the signing command works or does not. Example:

cosign initialize --mirror=$TUF_URL --root=$TUF_URL/root.json
cosign --output-file=/tmp/test-output sign registry.access.redhat.com/ubi9/s2i-base@sha256:d3838e6e26baa335556eb04f0af128602ddf7b57161d168b21ed6cf997281ddb \
    --yes \
    --rekor-url=$REKOR_URL/test \
    --fulcio-url=$FULCIO_URL \
    --oidc-issuer=$OIDC_ISSUER_URL \
    --upload=false 

This command creates an empty /tmp/test-output file, but it should log my errors because the /test path on my --rekor-url directive. This is the error logs I see in my terminal:

cosign --output-file=/tmp/test-output sign registry.access.redhat.com/ubi9/s2i-base@sha256:d3838e6e26baa335556eb04f0af128602ddf7b57161d168b21ed6cf997281ddb \
    --yes \
    --rekor-url=$REKOR_URL \
    --fulcio-url=$FULCIO_URL/test \
    --oidc-issuer=$OIDC_ISSUER_URL \
    --upload=false
Generating ephemeral keys...
Retrieving signed certificate...

	The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/.
	Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record.
	This may include the email address associated with the account with which you authenticate your contractual Agreement.
	This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.

By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
Your browser will now be opened to:
https://keycloak-keycloak-system.apps.ablock-grpereir.devcluster.openshift.com/auth/realms/sigstore/protocol/openid-connect/auth?access_type=online&client_id=sigstore&code_challenge=X7YN-vRXLSevU5rtJ4XPgWpyTW-jrQb1XmX5K7vWSDQ&code_challenge_method=S256&nonce=2ZeA4sfQcngAWzaUxJTer5129dM&redirect_uri=http%3A%2F%2Flocalhost%3A49527%2Fauth%2Fcallback&response_type=code&scope=openid+email&state=2ZeA4rQdXsrZjGitpxp2LeBpyIO
Error: signing [registry.access.redhat.com/ubi9/s2i-base@sha256:d3838e6e26baa335556eb04f0af128602ddf7b57161d168b21ed6cf997281ddb]: getting signer: getting key from Fulcio: retrieving cert: POST https://fulcio.apps.ablock-grpereir.devcluster.openshift.com/test/api/v1/signingCert returned 404 Not Found: "{\"code\":5, \"message\":\"Not Found\", \"details\":[]}"
main.go:74: error during command execution: signing [registry.access.redhat.com/ubi9/s2i-base@sha256:d3838e6e26baa335556eb04f0af128602ddf7b57161d168b21ed6cf997281ddb]: getting signer: getting key from Fulcio: retrieving cert: POST https://fulcio.apps.ablock-grpereir.devcluster.openshift.com/test/api/v1/signingCert returned 404 Not Found: "{\"code\":5, \"message\":\"Not Found\", \"details\":[]}"

Can verify that cosign intialize was properly called prior to this error, so it should not be a configuration error. The same empty file appears even if there is no signing error.

/cc @osmman