Allow configurable interactive modes

[wlynch]

Description

When toying around with calling cosign from other tools, I noticed that cosign can hang when it's invoked with keyless enabled.

e.g. if you do something like

func main() {
        os.Setenv("COSIGN_EXPERIMENTAL", "1")
        out, err := exec.Command("cosign", "sign-blob", "a.txt").CombinedOutput()
        fmt.Println(string(out), err)
}

IIUC, this happens because of how cosign detects interactive-ness for commands -

cosign/cmd/cosign/cli/fulcio/fulcio.go

Lines 124 to 133 in f2c360e

	var flow string
	switch {
	case idToken != "":
	flow = FlowToken
	case !term.IsTerminal(0):
	fmt.Fprintln(os.Stderr, "Non-interactive mode detected, using device flow.")
	flow = FlowDevice
	default:
	flow = FlowNormal
	}

i.e. there is no ID token present and there's no terminal, so prompt for device flow, but stderr/stdout won't print until the command has completed so the command hangs waiting for the input that will never come. If the flow is forcibly set to FlowNormal, the regular browser based flow would still work and the command can complete.

For this particular case, the answer would be to use Stdout/StderrPipe to plumb through the message during execution or just call the cosign funcs directly, but I originally encountered this when trying to invoke cosign through Git plugins (#865 (comment)) where this won't be possible without an upstream change to git itself.

As a workaround, I'd like to make interactive flow mode configurable to allow callers to select the flow they want. This way for tools that can't pipe stdout/stderr can still have an option to send users through a normal interactive flow if they choose (else fall back to the existing behavior).

Also open to other ideas if you have them!