Allow providing pre-computed file digests instead of requiring full model directory input

[SequeI]

Description

Currently, the model-signing tool requires the full model directory as input and computes all file digests internally before producing a Sigstore bundle. This works, but it creates unnecessary overhead when the file digests are already known, especially in OCI-based workflows.

Proposed Enhancement

Add an option to provide a list or mapping of file paths → digests directly to the signing tool. If digests are supplied, the tool should:

• use the provided digest values instead of reading and hashing the model files
• proceed to generate the Sigstore bundle using these digests

This would allow signing directly from OCI metadata (e.g., using digests extracted via skopeo inspect --raw ...) without requiring access to or re-hashing the underlying model blobs.

[SequeI]

❯ skopeo inspect --raw docker://quay.io/redhat-ai-services/modelcar-catalog@sha256:2ea60e936f823d40bdf8d69ddc3c673c2f74299bb905453e9b43926b8bf64dcf > test.json

❯ hatch run python -m model_signing sign --oci-manifest test.json model.sig
Waiting for browser interaction...
Opening in existing browser session.
Signing succeeded

❯ hatch run python -m model_signing verify --oci-manifest test.json sigstore --identity <> --identity_provider https://accounts.google.com/ --signature model.sig
Verification succeeded

Ugly in it's current state ofc since running a quick test, but does seem to work fine. Will clean this and push up a PR soonish

[mihaimaruseac]

I think this can work, but I'm curious on how it will play when digests are provided via the manifest but verification is done with the model locally.

[SequeI]

I think this can work, but I'm curious on how it will play when digests are provided via the manifest but verification is done with the model locally.

❯ skopeo inspect --raw docker://quay.io/asiek/oci_model@sha256:6907c004bc8efa7a3b1a45c8a1035a4f2f37002dcf58216ad168704b7238cc11 > test.json

❯ hatch run python -m model_signing sign test.json
Waiting for browser interaction...
Opening in existing browser session.
Signing succeeded

❯ hatch run python -m model_signing verify sigstore --identity <>@redhat.com --identity_provider https://accounts.google.com --signature model.sig bert-base-uncased
Verification succeeded

Well, it works which is cool. Manifest I pulled is a quick model artifact I made from bert-base-uncased. There is full compatibility now between ORAS style model artifacts and raw model files, signing and verifying between any combo