
Support detached SCTs #2

Open
haydentherapper opened this issue Oct 27, 2022 · 0 comments
Comments

@haydentherapper (Collaborator)
haydentherapper commented Oct 27, 2022

Ah, something that I think may be missing for Fulcio verification is the possibility of a detached SCT header. The public good Fulcio instance will always provide an embedded SCT (promise of inclusion from the CT log). However, private deployments may either specify a detached SCT or exclude CT entirely (which is not ideal, but depends on the setup). I think we need a lightweight sigstore_fulcio.proto (or at least a message in common.proto) that provides a certificate chain and an optional detached SCT, like https://github.com/sigstore/fulcio/blob/main/fulcio.proto#L153

To abstract away Fulcio entirely, we could just wrap X509CertificateChain in another message, such as:

message SignedCertificateTimestamp {
  bytes sct = 1;
}

message CertificateVerifier {
  X509CertificateChain x509_certificate_chain = 1;
  // Optional, may be embedded in the leaf certificate in the chain
  SignedCertificateTimestamp sct = 2;
}

message VerificationMaterial {
  oneof content {
    PublicKeyIdentifier public_key = 1;
    CertificateVerifier certificate_verifier = 2;
  }
}

or as its own proto, but I like the idea that Fulcio isn't a requirement; it's just that you need a certificate chain (from Fulcio or any CA) and an SCT (from Fulcio or your own CT log).

See sigstore/cosign#1731 or sigstore/cosign#2382 for some comments on it.

Originally posted by @haydentherapper in #1 (comment)
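The verifier-side consequence of the proposal above, as an added example that is not part of this issue or of the sigstore protobuf-specs project: the SCT may arrive embedded in the leaf certificate (the RFC 6962 extension 1.3.6.1.4.1.11129.2.4.2), as a detached blob next to the chain, or not at all, and a verifier has to locate it before it can do anything with it. The Go below hand-writes a `CertificateVerifier` struct that mirrors the proposed message (it is not generated from the proto), issues throwaway self-signed leaves with and without the extension, and resolves which SCT source applies under a "CT required" policy. The SCT bytes it embeds are a constructed placeholder, and it stops at locating the SCT; verifying the SCT signature against a CT log key is a separate step not shown here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// OID of the embedded SCT list extension (RFC 6962 section 3.3).
var oidSCTList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}

// CertificateVerifier is a hand-written Go mirror of the proposed message:
// a chain (leaf first) plus an optional detached SCT. It is an assumption
// of this example, not generated protobuf code.
type CertificateVerifier struct {
	ChainDER    [][]byte
	DetachedSCT []byte // nil when the SCT is embedded or absent
}

// SCTSource records where the verifier found the SCT.
type SCTSource int

const (
	SCTNone SCTSource = iota
	SCTEmbedded
	SCTDetached
)

// ResolveSCT returns the raw SCT list bytes and their source. An embedded
// SCT takes precedence over a detached one; with requireCT set, having
// neither is a verification failure rather than a silent pass.
func ResolveSCT(v CertificateVerifier, requireCT bool) ([]byte, SCTSource, error) {
	if len(v.ChainDER) == 0 {
		return nil, SCTNone, errors.New("empty certificate chain")
	}
	leaf, err := x509.ParseCertificate(v.ChainDER[0])
	if err != nil {
		return nil, SCTNone, fmt.Errorf("parse leaf: %w", err)
	}
	for _, ext := range leaf.Extensions {
		if !ext.Id.Equal(oidSCTList) {
			continue
		}
		// The extension value is an OCTET STRING wrapping the TLS-encoded SCT list.
		var octets []byte
		rest, err := asn1.Unmarshal(ext.Value, &octets)
		if err != nil || len(rest) != 0 {
			return nil, SCTNone, errors.New("malformed embedded SCT extension")
		}
		return octets, SCTEmbedded, nil
	}
	if len(v.DetachedSCT) > 0 {
		return v.DetachedSCT, SCTDetached, nil
	}
	if requireCT {
		return nil, SCTNone, errors.New("no SCT: leaf has no SCT extension and no detached SCT was supplied")
	}
	return nil, SCTNone, nil
}

// newLeaf issues a self-signed test leaf; a non-nil sct is embedded as the
// SCT list extension. The contents are constructed for the example only.
func newLeaf(sct []byte) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example leaf"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	if sct != nil {
		val, err := asn1.Marshal(sct) // OCTET STRING
		if err != nil {
			return nil, err
		}
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidSCTList, Value: val}}
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	embedded, _ := newLeaf([]byte("constructed-sct-list"))
	plain, _ := newLeaf(nil)
	for _, v := range []CertificateVerifier{
		{ChainDER: [][]byte{embedded}},
		{ChainDER: [][]byte{plain}, DetachedSCT: []byte("constructed-detached-sct")},
		{ChainDER: [][]byte{plain}},
	} {
		sct, src, err := ResolveSCT(v, true)
		fmt.Printf("source=%d sct=%q err=%v\n", src, sct, err)
	}
}
```

The precedence rule (embedded before detached) and the requireCT switch are policy choices made for this example; a real verifier would pin them to the deployment's expectations, since a private Fulcio that omits CT should not be accepted by a policy that assumes the public instance's behaviour.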
