feat(cosign): Support Cosign v3 Bundle signature format#22628

Merged
wy65701436 merged 4 commits into goharbor:main from Aloui-Ikram:feat/support-cosign-v3-bundle
Dec 15, 2025

Conversation

@Aloui-Ikram
Contributor

@Aloui-Ikram Aloui-Ikram commented Dec 8, 2025

This PR adds support for the new Cosign signature format introduced in v2.6+ (and made default in v3.0+).

The Problem:
Cosign changed its default signature format to the OCI 1.1 Bundle format with the media type:
application/vnd.dev.sigstore.bundle.v0.3+json

Harbor's Subject Middleware currently only recognizes the legacy Cosign media type. As a result, new signatures are classified as generic subject.accessory artifacts. This causes the UI to show the artifact as "Not Signed" (Red X) and missing the Cosign icon.
The Fix:
I updated src/server/middleware/subject/subject.go to:

  1. Define the new bundle media type constant.
  2. Update the switch logic to map this new media type to model.TypeCosignSignature.

This change maintains backward compatibility (legacy signatures are still supported).

Verification:
Tested locally with Harbor Dev Environment (harbor-next) and Cosign v3.0.2.

  • Validated that cosign sign (defaults) creates the new bundle format.
  • Validated that Harbor API now returns type: "signature.cosign".
  • Validated that Harbor UI displays the "Signed" status correctly.

Screenshots

Before (The Issue)

Harbor fails to recognize the signature (Red X, generic accessory type):

After (The Fix)

Harbor correctly identifies the signature (Green Checkmark, Cosign icon):

Issue being fixed

Fixes #22401

Please indicate you've done the following:

  • Well Written Title and Summary of the PR
  • Label the PR as needed. "release-note/new-feature"
  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Made sure tests are passing and test coverage is added if needed.
  • Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>
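To make the two-step change in the description concrete, here is a stand-alone Go illustration of the classification step, written for this review and not taken from Harbor's subject middleware: it parses an OCI 1.1 referrer manifest, derives the artifact type (falling back to config.mediaType when artifactType is absent, as the OCI referrers rule prescribes), and maps both the legacy Cosign type and the Sigstore bundle type to "signature.cosign", with everything else landing on the generic accessory type the PR says new signatures were wrongly getting. Only the bundle media type and the "signature.cosign" label come from the PR text; the legacy media type value, the struct and function names and the sample manifests are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Accessory type labels as Harbor's API exposes them. "signature.cosign" is quoted
// in the PR; "subject.accessory" is the generic fallback the PR describes.
const (
	TypeCosignSignature  = "signature.cosign"
	TypeSubjectAccessory = "subject.accessory"
)

// Media types that identify a Cosign signature referrer.
const (
	// Legacy Cosign referrer artifact type (assumed value; the PR only calls it
	// "the legacy Cosign media type").
	MediaTypeCosignLegacy = "application/vnd.dev.cosign.artifact.sig.v1+json"
	// Sigstore bundle media type, default since Cosign v3 (quoted from the PR).
	MediaTypeSigstoreBundle = "application/vnd.dev.sigstore.bundle.v0.3+json"
)

// referrerManifest is the subset of an OCI 1.1 image manifest the classifier needs.
type referrerManifest struct {
	ArtifactType string `json:"artifactType"`
	Config       struct {
		MediaType string `json:"mediaType"`
	} `json:"config"`
	Subject *struct {
		Digest string `json:"digest"`
	} `json:"subject"`
}

// effectiveArtifactType applies the OCI 1.1 rule: artifactType wins when set,
// otherwise the config media type stands in for it.
func effectiveArtifactType(m referrerManifest) string {
	if m.ArtifactType != "" {
		return m.ArtifactType
	}
	return m.Config.MediaType
}

// ClassifyAccessory is the switch the PR extends: both Cosign media types map to
// the Cosign signature type; anything unrecognised stays a generic accessory.
func ClassifyAccessory(artifactType string) string {
	switch artifactType {
	case MediaTypeCosignLegacy, MediaTypeSigstoreBundle:
		return TypeCosignSignature
	default:
		return TypeSubjectAccessory
	}
}

// ClassifyManifest parses a raw manifest and returns its accessory type. A manifest
// without a subject is not an accessory at all, so that case is an error rather
// than a silent fallback.
func ClassifyManifest(raw []byte) (string, error) {
	var m referrerManifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return "", fmt.Errorf("parse manifest: %w", err)
	}
	if m.Subject == nil || m.Subject.Digest == "" {
		return "", fmt.Errorf("manifest has no subject; not an accessory")
	}
	return ClassifyAccessory(effectiveArtifactType(m)), nil
}

// constructedDigest is a placeholder subject digest for the sample manifests below.
var constructedDigest = "sha256:" + strings.Repeat("0", 64)

// SampleManifests are constructed inputs: a v3 bundle referrer, a legacy referrer
// that only sets config.mediaType, an unrelated SBOM referrer, and a manifest
// with no subject.
var SampleManifests = []string{
	`{"artifactType":"` + MediaTypeSigstoreBundle + `","config":{"mediaType":"application/vnd.oci.empty.v1+json"},"subject":{"digest":"` + constructedDigest + `"}}`,
	`{"config":{"mediaType":"` + MediaTypeCosignLegacy + `"},"subject":{"digest":"` + constructedDigest + `"}}`,
	`{"artifactType":"application/vnd.example.sbom+json","config":{"mediaType":"application/vnd.oci.empty.v1+json"},"subject":{"digest":"` + constructedDigest + `"}}`,
	`{"artifactType":"` + MediaTypeSigstoreBundle + `","config":{"mediaType":"application/vnd.oci.empty.v1+json"}}`,
}

func main() {
	for i, raw := range SampleManifests {
		typ, err := ClassifyManifest([]byte(raw))
		if err != nil {
			fmt.Printf("manifest %d: skipped (%v)\n", i, err)
			continue
		}
		fmt.Printf("manifest %d: %s\n", i, typ)
	}
}
```

A table-driven test over inputs like these is also the kind of unit test that would have covered the one changed line Codecov reports as uncovered further down the thread.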
@codecov

codecov bot commented Dec 8, 2025

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 65.85%. Comparing base (c8c11b4) to head (9c6c757).
⚠️ Report is 607 commits behind head on main.

Files with missing lines                   Patch %   Lines
src/server/middleware/subject/subject.go   0.00%     1 Missing ⚠️
Additional details and impacted files


@@             Coverage Diff             @@
##             main   #22628       +/-   ##
===========================================
+ Coverage   45.36%   65.85%   +20.48%     
===========================================
  Files         244     1073      +829     
  Lines       13333   116095   +102762     
  Branches     2719     2931      +212     
===========================================
+ Hits         6049    76452    +70403     
- Misses       6983    35405    +28422     
- Partials      301     4238     +3937     
Flag        Coverage Δ
unittests   65.85% <0.00%> (+20.48%) ⬆️

Flags with carried forward coverage won't be shown.

Files with missing lines                   Coverage Δ
src/server/middleware/subject/subject.go   47.61% <0.00%> (ø)

... and 986 files with indirect coverage changes


Contributor

@bupd bupd left a comment


/lgtm

@Aloui-Ikram Aloui-Ikram changed the title [WIP] feat(cosign): Support Cosign v3 Bundle signature format feat(cosign): Support Cosign v3 Bundle signature format Dec 8, 2025
Signed-off-by: Aloui-Ikram <ikram@container-registry.com>
@Aloui-Ikram Aloui-Ikram force-pushed the feat/support-cosign-v3-bundle branch from d89420d to 3f05013 on December 8, 2025 15:02
@bupd
Contributor

bupd commented Dec 8, 2025

@Aloui-Ikram Once again, thanks for clearing up my backlog.

@wy65701436
Contributor

@Aloui-Ikram thanks for your contribution, can you ensure all the CI pipelines pass?

@MinerYang please have a review and validate the changes at our end, thanks.

@Aloui-Ikram
Contributor Author

@wy65701436 You're welcome. I reviewed the CI failures; they are coming from unrelated UT tests and don't seem related to my changes in middleware/subject.

@MinerYang MinerYang added release-note/update Update or Fix and removed release-note/new-feature New Harbor Feature labels Dec 11, 2025
Signed-off-by: Aloui-Ikram <ikram@container-registry.com>
Contributor

@MinerYang MinerYang left a comment


lgtm

Contributor

@wy65701436 wy65701436 left a comment


lgtm

@wy65701436 wy65701436 enabled auto-merge (squash) December 12, 2025 07:00
@bupd
Contributor

bupd commented Dec 12, 2025

looks like the UTTEST is flaking again.

@wy65701436 wy65701436 merged commit fbb45d8 into goharbor:main Dec 15, 2025
17 of 18 checks passed
intojhanurag pushed a commit to intojhanurag/harbor that referenced this pull request Jan 22, 2026
* feat(cosign): support Cosign v3 bundle format

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* fix: format code with gofmt

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

* refactor: rename variable to mediaTypeCosignArtifactType

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>

---------

Signed-off-by: Aloui-Ikram <ikram@container-registry.com>
Co-authored-by: Aloui-Ikram <ikram@container-registry.com>
Co-authored-by: miner <miner.yang@broadcom.com>
Development

Successfully merging this pull request may close these issues.

New cosign 2.6 signature format is not recognized by Harbor

7 participants