
verify-attestation should support --platform argument #3552

Open
querti opened this issue Feb 26, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@querti

querti commented Feb 26, 2024

Per my understanding, the use of SBOMs was deprecated and should be replaced by attestations. However, the verification of multiarch image attestations can be highly misleading for the end user. Comparison:
SBOMs:

cosign download sbom registry/repo/image:tag

This multiarch image does not have an SBOM attached at the index level.
Try using --platform with one of the following architectures:
linux/amd64, linux/arm64, linux/ppc64le

Error: no SBOM found attached to image index

attestations:

cosign verify-attestation registry/repo/image:tag

Error: no matching attestations:

I see two issues with this:

  1. The user is not notified that attestations exist for the arch images
  2. The user cannot specify the architecture whose attestation they want to get (with SBOMs this was possible with --platform argument)

The only way to get a multiarch image attestation is to specify the image via digest (if that even occurs to a user, since no hint was given). I don't think it's reasonable to expect this from the end users.

@querti querti added the enhancement New feature or request label Feb 26, 2024
@lcarva
Contributor

lcarva commented Feb 29, 2024

@querti, last time I checked, there isn't a lot of guidance on what to do with Image Indexes, aka multi-arch images. I've explored this in the past and one of the approaches that seems reasonable is to attach multiple SBOMs to the Image Index.

Signing and attesting both Image Indexes and Image Manifests seems to be the most compatible option since an Image Index is eventually resolved to an Image Manifest upon usage. This allows verification at different points, for example.

It is probably a good idea to improve the error message when a signature/attestation is not found and the image reference is to an Image Index, like the download sbom command does. That sounds like useful information to users.
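The behaviour requested in this issue (resolve an image index to the per-platform manifest a user asked for, and print the available platforms when the requested one is missing, as `download sbom` already does) comes down to a small lookup over the index's descriptors. The following Go program is an added illustration written for this thread, not cosign's own code or a patch to it; it parses a constructed OCI image index embedded inline (the digests are made-up placeholders), lists its platforms, and builds the digest-pinned reference `repo@sha256:...` that `verify-attestation` accepts today, which is exactly what a `--platform` flag would have to compute. The repository name `registry/repo/image` is the one from the issue and is only a label here; nothing contacts a registry.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Platform and Descriptor mirror the parts of the OCI image index schema
// needed to pick one per-architecture manifest out of a multi-arch index.
type Platform struct {
	OS           string `json:"os"`
	Architecture string `json:"architecture"`
	Variant      string `json:"variant,omitempty"`
}

type Descriptor struct {
	MediaType string    `json:"mediaType"`
	Digest    string    `json:"digest"`
	Size      int64     `json:"size"`
	Platform  *Platform `json:"platform,omitempty"`
}

type ImageIndex struct {
	SchemaVersion int          `json:"schemaVersion"`
	MediaType     string       `json:"mediaType"`
	Manifests     []Descriptor `json:"manifests"`
}

// sampleIndex is a constructed example index for the three platforms named in the
// issue. The digests are placeholders, not real image digests.
const sampleIndex = `{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {"mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 1234,
     "digest": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
     "platform": {"os": "linux", "architecture": "amd64"}},
    {"mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 1234,
     "digest": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
     "platform": {"os": "linux", "architecture": "arm64"}},
    {"mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 1234,
     "digest": "sha256:3333333333333333333333333333333333333333333333333333333333333333",
     "platform": {"os": "linux", "architecture": "ppc64le"}}
  ]
}`

// String renders a platform the way the --platform flag spells it (os/arch[/variant]).
func (p Platform) String() string {
	s := p.OS + "/" + p.Architecture
	if p.Variant != "" {
		s += "/" + p.Variant
	}
	return s
}

// ParseIndex decodes an image index and rejects a document that lists no manifests.
func ParseIndex(raw []byte) (*ImageIndex, error) {
	var ix ImageIndex
	if err := json.Unmarshal(raw, &ix); err != nil {
		return nil, fmt.Errorf("decoding image index: %w", err)
	}
	if len(ix.Manifests) == 0 {
		return nil, fmt.Errorf("not an image index: no manifests listed")
	}
	return &ix, nil
}

// Platforms lists the platforms the index carries, sorted for stable output.
// Descriptors without a platform field are skipped: they do not name a runnable image.
func (ix *ImageIndex) Platforms() []string {
	var out []string
	for _, d := range ix.Manifests {
		if d.Platform != nil {
			out = append(out, d.Platform.String())
		}
	}
	sort.Strings(out)
	return out
}

// ResolvePlatform returns the manifest digest for a platform such as "linux/arm64".
// On a miss it returns the kind of hint "cosign download sbom" prints, so the caller
// learns which per-arch manifests exist instead of a bare "no matching attestations".
func (ix *ImageIndex) ResolvePlatform(platform string) (string, error) {
	want := strings.ToLower(strings.TrimSpace(platform))
	for _, d := range ix.Manifests {
		if d.Platform != nil && d.Platform.String() == want {
			return d.Digest, nil
		}
	}
	return "", fmt.Errorf("no manifest for platform %q in image index; try --platform with one of: %s",
		platform, strings.Join(ix.Platforms(), ", "))
}

// ManifestRef builds the digest-pinned reference (repo@sha256:...) that
// verify-attestation accepts today, which is what a --platform flag would compute.
func ManifestRef(repo string, ix *ImageIndex, platform string) (string, error) {
	digest, err := ix.ResolvePlatform(platform)
	if err != nil {
		return "", err
	}
	return repo + "@" + digest, nil
}

func main() {
	ix, err := ParseIndex([]byte(sampleIndex))
	if err != nil {
		panic(err)
	}
	// One hit and one miss, to show both the resolved reference and the hint.
	for _, p := range []string{"linux/arm64", "linux/s390x"} {
		ref, err := ManifestRef("registry/repo/image", ix, p)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("cosign verify-attestation %s   # resolved from --platform %s\n", ref, p)
	}
}
```

The hit case prints the digest-pinned command a user would otherwise have to assemble by hand; the miss case prints the list of platforms present in the index, which is the information the issue says is currently withheld from the user.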
