Email search should also search workload identities #35
Description
After that PR is released (edit: which just happened! 🎉 ), you'll be able to search Rekor for non-email identities like https://github.com/distroless/static/.github/workflows/release.yaml@refs/heads/main (from this rekor entry), which means it was signed by a GitHub Actions workflow.
That might mean Email should change to Identity, and validate inputs more loosely.
It'd be great to do a partial search ("anything built by https://github.com/distroless/static/*"), but I'm not sure if Rekor accepts that.
(Say, it'd be cool to search for anything signed by *@chainguard.dev, while we're at it)