BUG docs haven't been updated to say that Signed-Releases looks for .sigstore bundles.

[cpswan]

Describe the bug
#3772 introduced .sigstore to the Signed-Releases check but the documentation doesn't mention it.

Reproduction steps
Steps to reproduce the behavior:

1. Take a look at

   scorecard/docs/checks.md

   Lines 594 to 597 in 90a3708

   	This check looks for the following filenames in the project's last five
   	[release assets](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases):
   	[*.minisig](https://github.com/jedisct1/minisign), *.asc (pgp),
   	*.sig, *.sign, [*.intoto.jsonl](https://slsa.dev).

2. Then

   scorecard/probes/releasesAreSigned/impl.go

   Line 38 in 90a3708

   var signatureExtensions = []string{".asc", ".minisig", ".sig", ".sign", ".sigstore"}

Expected behavior
Documentation matches code

Additional context
Check doesn't seem to work as expected with .sigstore bundles #3913

[spencerschrock]

Are you interested in sending a PR? We have instructions for updating documentation:
https://github.com/ossf/scorecard/blob/main/CONTRIBUTING.md#updating-docs

[cpswan]

@spencerschrock yeah, I'm happy to do a docs PR, so please assign to me.

Though should we wait for the functionality to be released before the docs are updated?