chore(deps): update sigstore/cosign-installer action to v3.6.0 (#179)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
| action | minor | `v3.5.0` -> `v3.6.0` |

---

### Release Notes

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

###
[`v3.6.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.6.0)

[Compare
Source](https://github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0)

#### What's Changed

- Bump actions/checkout from 4.1.2 to 4.1.3 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/161](https://github.com/sigstore/cosign-installer/pull/161)
- Bump actions/checkout from 4.1.3 to 4.1.4 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/162](https://github.com/sigstore/cosign-installer/pull/162)
- Bump actions/setup-go from 5.0.0 to 5.0.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/163](https://github.com/sigstore/cosign-installer/pull/163)
- Bump actions/checkout from 4.1.4 to 4.1.5 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/164](https://github.com/sigstore/cosign-installer/pull/164)
- Bump actions/checkout from 4.1.5 to 4.1.6 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/165](https://github.com/sigstore/cosign-installer/pull/165)
- Bump actions/checkout from 4.1.6 to 4.1.7 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/166](https://github.com/sigstore/cosign-installer/pull/166)
- Bump actions/setup-go from 5.0.1 to 5.0.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/167](https://github.com/sigstore/cosign-installer/pull/167)
- pin public key used for verification by
[@&#8203;bobcallaway](https://github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/169](https://github.com/sigstore/cosign-installer/pull/169)
- bump default version to v2.4.0 release by
[@&#8203;bobcallaway](https://github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/168](https://github.com/sigstore/cosign-installer/pull/168)
- update readme for new release by
[@&#8203;bobcallaway](https://github.com/bobcallaway) in
[https://github.com/sigstore/cosign-installer/pull/170](https://github.com/sigstore/cosign-installer/pull/170)

**Full Changelog**:
sigstore/cosign-installer@v3...v3.6.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/rsturla/eternal-main).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yMC4xIiwidXBkYXRlZEluVmVyIjoiMzguMjAuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/actions/sign-image/action.yml

@@ -41,7 +41,7 @@ runs:
         password: ${{ inputs.registry-password }}
 
     - name: Setup Cosign
-      uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+      uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
       with:
         cosign-release: ${{ inputs.cosign-version }}
 

.github/actions/verify-image/action.yml

@@ -18,7 +18,7 @@ runs:
   using: composite
   steps:
     - name: Setup Cosign
-      uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+      uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
       with:
         cosign-release: ${{ inputs.cosign-version }}
 

.github/workflows/sign-image.yml

@@ -35,7 +35,7 @@ jobs:
           echo "NAME=$name" >> $GITHUB_OUTPUT
 
       - name: Setup Cosign
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
 
       - name: Sign Image
         env: