Add ability to verify signatures performed with Cosign v3 in our policies

[viccuad]

As explained in https://www.kubewarden.io/blog/2025/10/kubewarden-1.30-release,
due to the migration of Cosign from v2 to v3, the verify-image-signatures-policy and the cel-policy sigstore verification host calls are not able to verify signatures performed with Cosign v3.

Acceptance criteria

• Ensure sigstore-rs supports the new bundle format of Cosign v3. There are already some PRs related to this work, see here
• Consume sigstore-rs on policy-fetcher/policy-sdk-rust
• Consume policy-sdk-rust if needed on policies and tag new releases. Remove README.md notes stating that they only validate cosign v2 signatures.

[jvanz]

@viccuad I'm adding you as assignee here as well. Because we are all taking a look in the sigstore-rs changes. ;)

[jvanz]

@flavio I'm adding you as assignee on this issue because, as we discussed in our daily call, you and @viccuad needs to take care of the sigstore-rs changes. ;)