chore: add warning when downloading a sBOM

[hectorj2f]

Signed-off-by: hectorj2f hectorf@vmware.com

Summary

This PR adds a warning to users when downloading sBOMs.In order to ensure tamper-proof sBOMs and validate its authenticity, sigstore recommends to download the attestations that include the sBOMs or validate their signatures if signed.

Related to this RFC ##1742

Ticket Link

Fixes

Release Note

[codecov-commenter]

Codecov Report

Merging #1763 (38ef2b6) into main (70a3d8c) will decrease coverage by 0.00%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #1763      +/-   ##
==========================================
- Coverage   30.59%   30.59%   -0.01%     
==========================================
  Files         143      143              
  Lines        8658     8659       +1     
==========================================
  Hits         2649     2649              
- Misses       5710     5711       +1     
  Partials      299      299              

Impacted Files	Coverage Δ
cmd/cosign/cli/download.go	0.00% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 70a3d8c...38ef2b6. Read the comment docs.