OCI artifact referrers should be listed in the `index.json` of an OCI-layout

[Silvanoc]

Description

Cosign v3 "attaches" the generated signature to an OCI artifact through a referrer/subject relationship. But the OCI-layout index.json is only listing the manifest of the signed artifact. As a consequence:

• the existence of such a relationship is not visible at all at OCI layout level
• it can only be found scanning all the blobs of the OCI layout

It would be meaningful having the referrers (at least cosign signature) being listed in the OCI layout index.json. Additionally it would be helpful to have those entries providing the subject field, making that way the whole relationship explicit at index.json level.

All the information is being gathered anyway to be able to save everything:

• the referrers are identified to be able to fetch the signature with the artifact
• the content of the manifests is partially used to generate the index.json

[Silvanoc]

For example, Cosign currently generates something like this

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "size": 427,
      "digest": "sha256:<container-image-digest>",
      "annotations": {
        "kind": "dev.cosignproject.cosign/image"
      }
    }
  ]
}

And I'd like to propose having something similar to what ORAS does, and even better:

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "size": xxx,
      "digest": "sha256:<container-IMAGE-digest>",
      "annotations": {
        "org.opencontainers.image.ref.name": "latest",
        "kind": "dev.cosignproject.cosign/image"
      }
    },
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:<cosign-SIGNATURE-digest>",
      "size": yyy,
      "annotations": {
        "dev.sigstore.bundle.content": "dsse-envelope",
        "dev.sigstore.bundle.predicateType": "https://sigstore.dev/cosign/sign/v1",
        "org.opencontainers.image.created": "2026-01-01T00:00:00Z"
      },
      "subject": "sha256:<container-IMAGE-digest>",
      "artifactType": "application/vnd.dev.sigstore.bundle.v0.3+json"
    }
  ]
}

With such an index, both a human and a program can:

1. Recognize which are the manifests of the "attachments" (like the Cosign signatures) and which are the entry manifests (those without the subject field).
2. Have full visibility of all manifests, without needing to scan the whole repository.

To be honest, with the proposed approach, I even doubt that the kind annotation is really needed. I don't see a real value. But I don't know how you are deprecating these things.

[cck1860]

Would be great having also the possibility to verify oras backup --include-referrers OCI layouts by using cosign verify --local-image=true . ... since it looks like that cosign save doesn't load oras file blobs being attached to signed images.