Story #9510

Updated by about 1 month ago

Signatures that were:
* mirrored from remote source
* produced by Pulp Container Registry
* pushed into Pulp Container Registry by clients

will be available stored and hosted at the signature extensions API.


Add new Signature model which will have many to one relationship to the Manifest.
On manifest deletion, it's signatures will be also removed.

**Q:** store the signature in the DB ( it is a json file) or as an artifact?


store the signature as manifests part of docker v2 api ( make it cosign like, but skopeo/podman do not support that yet)~~ **we will not support this for now** yet)