Add protobuf bundle support for tree subcommand

[steiza]

Summary

As mentioned in a few places (#4470, #4488), cosign tree did not really work with new protobuf bundles.

You could specify --experimental-oci11=true, in which case you'd get a somewhat unhelpful line that looked like this:

└── 🔗 application/vnd.oci.empty.v1+json artifacts via OCI referrer: ghcr.io/steiza/nginx@sha256:1281e7fa979a84eef5f5d5bf292f88ddbc3115fb94f20964edea0c735189473e

With this change, we default to looking for things using the OCI1.1 referrer spec, and we populate the line with the protobuf bundle predicate type, so it instead looks like this:

└── 🔗 https://sigstore.dev/cosign/sign/v1 artifacts via OCI referrer: ghcr.io/steiza/nginx@sha256:1281e7fa979a84eef5f5d5bf292f88ddbc3115fb94f20964edea0c735189473e

Release Note

• tree defaults to the OCI 1.1 referrer specification, and displays the predicate type for protobuf bundles

Documentation

N/A

[codecov]

Codecov Report

❌ Patch coverage is 11.11111% with 24 lines in your changes missing coverage. Please review.
✅ Project coverage is 35.31%. Comparing base (2ef6022) to head (2322039).
⚠️ Report is 570 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/cosign/cli/tree.go	0.00%	22 Missing ⚠️
cmd/cosign/cli/options/tree.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4491      +/-   ##
==========================================
- Coverage   40.10%   35.31%   -4.79%     
==========================================
  Files         155      220      +65     
  Lines       10044    15195    +5151     
==========================================
+ Hits         4028     5366    +1338     
- Misses       5530     9141    +3611     
- Partials      486      688     +202     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.