Request: Support STO verification for container images that were signed outside of STO.

Problem: Today, STO verification only works if the image was signed by STO. Many teams already sign images using other tools in their CI/CD pipelines. This requirement prevents them from using STO verification unless they change their existing signing process.

Proposed Solution: Allow STO verification to validate images signed by external signing tools or trusted authorities, instead of requiring STO to perform the signing.