Add auth flow option to KeyOpts. #1827

Merged
merged 1 commit into from May 2, 2022

@wlynch wlynch commented May 2, 2022

Summary

This change adds an option for callers to manually select the fulcio
auth flow to go through. This allows callers that don't fit into the
default heuristic to have some control over how cosign is invoked.

For now, this is only added as a KeyOpt and not a flag, since this is
currently only needed by tools calling the cosign libraries, not cosign
itself. Flags can be added on later if needed.

This change should not have any impact on existing cosign behavior.

Because there are no unit tests for fulcio.NewSigner at the moment,
this is difficult to test in a way that isn't trivial. This is probably a good
target to improve coverage as part of #1385

Signed-off-by: Billy Lynch <billy@chainguard.dev>

Ticket Link

Fixes #1785

Release Note

Users calling cosign via library can set the fulcio interactive flow used with KeyOpts.

codecov-commenter commented May 2, 2022

Codecov Report

Merging #1827 (150e47b) into main (e74f180) will decrease coverage by 0.01%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #1827      +/-   ##
==========================================
- Coverage   33.02%   33.01%   -0.02%     
==========================================
  Files         147      147              
  Lines        9347     9350       +3     
==========================================
  Hits         3087     3087              
- Misses       5906     5909       +3     
  Partials      354      354              
Impacted Files Coverage Δ
cmd/cosign/cli/fulcio/fulcio.go 21.42% <0.00%> (-0.68%) ⬇️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@dlorenc dlorenc merged commit 8efb042 into sigstore:main May 2, 2022
@github-actions github-actions bot added this to the v1.9.0 milestone May 2, 2022
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
Successfully merging this pull request may close these issues.

Allow configurable interactive modes