During signature verification, cosign calculates the signature tag by using the artifact digest: ArtifactPath:sha256-Artifact Digest.sig
Using this tag, cosign downloads the signature manifest.
Once the signature manifest is downloaded, cosign starts downloading the layers mentioned in the signature manifest file.
There should be a check to verify that the media type of the layers it is downloading matches the expected media type of a signature layer, "application/vnd.dev.cosign.simplesigning.v1+json".
This check is important because, if someone by mistake applies the signature tag to an artifact which is not really a signature, then cosign will start downloading all the layers present in the artifact to which the signature tag was applied by mistake.
This can amount to a huge download of data into cosign's memory, and eventually cosign will fail verification because the data was not actually a signature.
So the proposed enhancement is to check the MediaType before downloading layers; this will stop the erroneous layer download.
This will avoid downloading wrong data and consuming memory.
This will also make the system more robust against a change made by mistake in the registry related to signature tags.
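The check the issue asks for, written out as an added example (this is not cosign's own code, which fetches manifests through go-containerregistry; the example uses only the standard library). It parses the manifest that sits under the .sig tag, compares every layer's mediaType against the expected simple-signing media type, and refuses to return any layer descriptors if one does not match, so the decision is made on the manifest alone before any layer bytes are requested. The two manifests, their digests and sizes are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// SimpleSigningMediaType is the media type of a cosign signature layer,
// as quoted in the issue.
const SimpleSigningMediaType = "application/vnd.dev.cosign.simplesigning.v1+json"

// ErrNotSignatureLayer is returned when a layer found under the .sig tag
// does not carry the simple-signing media type.
var ErrNotSignatureLayer = errors.New("layer is not a cosign signature layer")

// Descriptor is the subset of an OCI content descriptor this check needs.
type Descriptor struct {
	MediaType string `json:"mediaType"`
	Digest    string `json:"digest"`
	Size      int64  `json:"size"`
}

// Manifest is the subset of an OCI image manifest this check needs.
type Manifest struct {
	SchemaVersion int          `json:"schemaVersion"`
	MediaType     string       `json:"mediaType"`
	Config        Descriptor   `json:"config"`
	Layers        []Descriptor `json:"layers"`
}

// SignatureLayers parses the manifest found under the signature tag and
// returns the layer descriptors that are safe to fetch. If any layer has an
// unexpected media type the whole manifest is rejected. Only the manifest
// (a few KB) has been read at this point; no layer has been downloaded.
func SignatureLayers(manifestJSON []byte) ([]Descriptor, error) {
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, fmt.Errorf("parsing signature manifest: %w", err)
	}
	if len(m.Layers) == 0 {
		return nil, errors.New("signature manifest has no layers")
	}
	for i, l := range m.Layers {
		if l.MediaType != SimpleSigningMediaType {
			// Include the advertised size so an operator can see what
			// would have been pulled into memory without the check.
			return nil, fmt.Errorf("layer %d (%s, %d bytes): %w: got %q, want %q",
				i, l.Digest, l.Size, ErrNotSignatureLayer, l.MediaType, SimpleSigningMediaType)
		}
	}
	return m.Layers, nil
}

// GoodSignatureManifest is a constructed manifest shaped like the one cosign
// stores under a .sig tag. Digests are placeholders, not real content.
const GoodSignatureManifest = `{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {"mediaType": "application/vnd.oci.image.config.v1+json",
             "digest": "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "size": 233},
  "layers": [{"mediaType": "application/vnd.dev.cosign.simplesigning.v1+json",
              "digest": "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "size": 240}]
}`

// MisappliedTagManifest is a constructed container-image manifest standing in
// for the "big artifact" the issue describes: the .sig tag was moved onto it,
// so its layers are ordinary image layers, not signatures.
const MisappliedTagManifest = `{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {"mediaType": "application/vnd.oci.image.config.v1+json",
             "digest": "sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc", "size": 7023},
  "layers": [
    {"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
     "digest": "sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd", "size": 1073741824},
    {"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
     "digest": "sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee", "size": 536870912}
  ]
}`

func main() {
	inputs := map[string]string{"signature": GoodSignatureManifest, "misapplied-tag": MisappliedTagManifest}
	for name, m := range inputs {
		layers, err := SignatureLayers([]byte(m))
		if err != nil {
			fmt.Printf("%s: refusing to download layers: %v\n", name, err)
			continue
		}
		fmt.Printf("%s: %d signature layer(s) ok to fetch\n", name, len(layers))
	}
}
```

Running it prints one accepted manifest with a single signature layer and one rejection naming the first mismatched layer and its 1 GiB advertised size. The rejection happens on the first bad layer, so even a manifest with many large layers costs nothing beyond the manifest fetch itself.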
Is there an actual example of this? Or are we just preventing some sort of malicious denial of service?
We were able to recreate this scenario by just moving the tag of a signature to any other big artifact in the registry. This PR wants to make sigstore more robust for any such scenario, which can happen either by someone accidentally applying a signature tag to a non-signature artifact, or as a planned malicious attack.