Require bundle output or registry upload #4785

Draft
aaronlew02 wants to merge 2 commits into sigstore:main from aaronlew02:verification-material
@aaronlew02 aaronlew02 commented Mar 30, 2026

Depends on #4618

Closes #4534

Summary

This change requires that the user enable OCI registry upload (where applicable) or specify a bundle output path so that all signing events provide material with which the user can verify the signing event.

Release Note

This change applies only to users requesting a new-format bundle.

codecov bot commented Mar 30, 2026

Codecov Report

❌ Patch coverage is 9.58231% with 368 lines in your changes missing coverage. Please review.
✅ Project coverage is 37.37%. Comparing base (2ef6022) to head (bcbb29e).
⚠️ Report is 710 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| cmd/cosign/cli/signcommon/common.go | 0.00% | 147 Missing ⚠️ |
| cmd/cosign/cli/sign/sign.go | 0.00% | 73 Missing ⚠️ |
| cmd/cosign/cli/attest/attest.go | 0.00% | 53 Missing ⚠️ |
| cmd/cosign/cli/sign/sign_blob.go | 38.88% | 33 Missing and 11 partials ⚠️ |
| cmd/cosign/cli/attest/attest_blob.go | 28.20% | 22 Missing and 6 partials ⚠️ |
| pkg/cosign/bundle/sign.go | 0.00% | 5 Missing ⚠️ |
| cmd/cosign/cli/attest.go | 0.00% | 3 Missing and 1 partial ⚠️ |
| cmd/cosign/cli/attest_blob.go | 0.00% | 3 Missing and 1 partial ⚠️ |
| cmd/cosign/cli/sign.go | 0.00% | 3 Missing and 1 partial ⚠️ |
| internal/key/svkeypair.go | 0.00% | 3 Missing ⚠️ |
... and 2 more
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4785      +/-   ##
==========================================
- Coverage   40.10%   37.37%   -2.73%     
==========================================
  Files         155      220      +65     
  Lines       10044    12981    +2937     
==========================================
+ Hits         4028     4852     +824     
- Misses       5530     7396    +1866     
- Partials      486      733     +247     

Signed-off-by: Aaron Lew <64337293+aaronlew02@users.noreply.github.com>
@aaronlew02 aaronlew02 force-pushed the verification-material branch from 891ebcb to 3ae3808 Compare April 6, 2026 20:02
@aaronlew02 aaronlew02 changed the title from "Require bundle output when registry upload is disabled" to "Require bundle output or registry upload" Apr 7, 2026
@aaronlew02 aaronlew02 force-pushed the verification-material branch from 3ae3808 to a8720a2 Compare April 7, 2026 14:13
Signed-off-by: Aaron Lew <64337293+aaronlew02@users.noreply.github.com>
@aaronlew02 aaronlew02 force-pushed the verification-material branch from a8720a2 to bcbb29e Compare April 7, 2026 14:17