chore(deps): update sigstore repositories (minor)

[ocmbot]

This PR contains the following updates:

Package	Type	Update	Change	Pending	OpenSSF
github.com/sigstore/rekor-tiles	indirect	minor	v0.1.11 → v0.99.1
github.com/sigstore/sigstore	indirect	minor	v1.9.6-0.20251007084510-03d481d3b6fc → v1.10.0	v1.10.3 (+2)

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

sigstore/sigstore (github.com/sigstore/sigstore)

v1.10.0

Compare Source

Breaking change

#​2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

• feat(hashivault): token helper in #​2174
• set GoogleAPIClientOption on GCP KMS provider in #​2128

Refactoring

• cryptoutils: move goodkey validation to separate package in #​2194
• Stop depending on golang.org/x/crypto for sha3 in #​2209
• remove duplicative dependency for portable browser opener in #​2178
• consolidate deep Equal usage to one library in #​2177
• Drop redundant aws-sdk-go dependency in the e2e kms tests in #​2172

Full Changelog: sigstore/sigstore@v1.9.5...v1.10.0

---

Configuration

📅 Schedule: Branch creation - Only on Sunday ( * * * * 0 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[frewilhelm]

Blocked as we plan to upgrade to cosign v3 (in ocm v1)

[frewilhelm]

The upgrade of github.com/sigstore/rekor-tiles is busted (see version bump) and github.com/sigstore/sigstore is fixed in #1432.