chore: enhance CLI help: add example for signer spec and add some more explaining lines

[morri-son]

On-behalf-of: Gerald Morrison (SAP) gerald.morrison@sap.com

What this PR does / why we need it

Enhance the help for the ocm sign cv command and explain the signer spec and add an example config. Also explain signatureEncodingPolicy and Plain vs. PEM.

Testing

How to test the changes

Commands that test the change:

ocm sign cv --help

-->

Verification

• I have tested the changes locally by running ocm

Summary by CodeRabbit

• Documentation
  • Enhanced help text and reference docs for component-version signing with clearer examples and notes.
  • Renamed and clarified the credential config section to indicate credentials are resolved via .ocmconfig and must match the signature flag.
  • Added a dedicated "signer spec" section explaining that signer specs configure algorithm/encoding (not credentials) and showing usage examples.
  • Clarified default signing algorithm and encoding (RSASSA-PSS with Plain encoding) and how to override defaults.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates CLI help text and documentation for component-version signing to add an example signer-spec section, clarify that credentials are resolved via .ocmconfig, and state that signer specs configure algorithm/encoding (defaults: RSASSA-PSS with Plain encoding).

Changes

Cohort / File(s)	Summary
CLI Command Help cli/cmd/sign/component-version/cmd.go	Rewrote flag/help text: renamed credential example header, clarified credentials are resolved via .ocmconfig, expanded --signer-spec description to state it controls algorithm/encoding (not credentials) and documents defaults.
Documentation cli/docs/reference/ocm_sign_component-version.md	Added "Example Signer Spec File (--signer-spec)" section with YAML example and supported fields; updated credential example heading to include (.ocmconfig) and added explanatory notes about matching the --signature flag.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A nibble, a note — docs trimmed and bright,
Signer specs penned in YAML light,
Credentials kept in .ocmconfig land,
Algorithms now clearly planned,
Hop, sign, and snack — all goes right! 🍪

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: enhancing CLI help documentation by adding examples and explanatory information for the signer spec.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

cli/docs/reference/ocm_sign_component-version.md (1)

94-94: Align wording with the new signer-spec scope.

Line 94 says “override algorithm defaults”, but the surrounding text now consistently states signer-spec controls both algorithm and encoding. Consider updating this line to avoid mixed messaging.

Suggested wording tweak

-# Use a signer specification file to override algorithm defaults
+# Use a signer specification file to override algorithm and encoding defaults

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cli/docs/reference/ocm_sign_component-version.md` at line 94, Update the
heading text "Use a signer specification file to override algorithm defaults" to
reflect that signer-spec controls both algorithm and encoding (e.g., "Use a
signer specification file to override algorithm and encoding defaults") so
wording aligns with the rest of the document that describes signer-spec scope.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@cli/docs/reference/ocm_sign_component-version.md`:
- Line 94: Update the heading text "Use a signer specification file to override
algorithm defaults" to reflect that signer-spec controls both algorithm and
encoding (e.g., "Use a signer specification file to override algorithm and
encoding defaults") so wording aligns with the rest of the document that
describes signer-spec scope.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d6f284b2-98c2-494b-9207-ae8b1fbfcdd1

📥 Commits

Reviewing files that changed from the base of the PR and between 71ace28 and 2393e25.

📒 Files selected for processing (2)

• cli/cmd/sign/component-version/cmd.go
• cli/docs/reference/ocm_sign_component-version.md

🚧 Files skipped from review as they are similar to previous changes (1)

• cli/cmd/sign/component-version/cmd.go

[fabianburth]

Approved for now, I agree we need this. Although we are striving away from our brief command lines helps (not just here, in a lot of commands).