Missing or no-op Cosign v3 equivalent commands #4470

@apyrgio

While experimenting a bit with Cosign v3, I realized that there are some Cosign v2 commands that no longer have an equivalent, if an image was signed with the new Sigstore bundle format:

  • cosign [download|attach] signature: It will fail since it expects to read/write a manifest with tag sha256-<digest>.sig
  • cosign save: It will download the image layers, but not the Sigstore bundle

Is there a plan to make these commands work with Cosign v3 or v4 in the future?

Labels: question (Further information is requested)
