feat(event-gateway): add image signature and attestation verification guide

[lahabana]

Description

Add a how-to for verifying the kong/kong-event-gateway container image with Cosign: list supply chain artifacts, verify the image signature, verify and inspect attestations, and extract the SBOM. The example version is derived from product data and the signing identity is pinned to the matching release tag.

Cross-link the new guide with the Event Gateway lifecycle pages (upgrade, breaking changes, known limitations, version support policy, changelog) so all of these pages reference each other.

Note that only works with 1.1.1 so only merge this once the site is updated for 1.1.1: https://kongstrong.slack.com/archives/C089Z3BMC9Z/p1781855374132299

Preview Links

https://deploy-preview-5645--kongdeveloper.netlify.app/event-gateway/verify-image-signatures-and-attestations/

Checklist

• Tested how-to docs. If not, note why here.
• All pages contain metadata.
• Any new docs link to existing docs.
• All autogenerated instructions render correctly (API, decK, Konnect, Kong Manager).
• Style guide (capitalized gateway entities, placeholder URLs) implemented correctly.
• Every page has a description entry in frontmatter.
• Add new pages to the product documentation index (if applicable).

[netlify]

✅ Deploy Preview for kongdeveloper ready!

Name	Link
🔨 Latest commit	591bf49
🔍 Latest deploy log	https://app.netlify.com/projects/kongdeveloper/deploys/6a3b0b8f16839f00082cb33c
😎 Deploy Preview	https://deploy-preview-5645--kongdeveloper.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
🤖 Make changes	Run an agent on this branch

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Copilot]

Pull request overview

Adds Event Gateway documentation for verifying container image signatures and attestations with Cosign, and cross-links the guide across existing Event Gateway lifecycle/support pages to improve navigation between upgrade, limitations, breaking changes, support policy, and changelog content.

Changes:

• Added a new how-to guide for listing artifacts, verifying signatures, verifying/inspecting attestations, and extracting an SBOM for kong/kong-event-gateway.
• Added related_resources cross-links across Event Gateway lifecycle/support pages to reference each other and the new verification guide.
• Expanded existing related_resources lists to include upgrade/limitations/breaking changes/changelog/support-policy references.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
app/event-gateway/version-support-policy.md	Adds cross-links to upgrade/breaking changes/limitations/changelog and the new verification guide.
app/event-gateway/upgrade.md	Adds cross-links to known limitations and the new verification guide.
app/event-gateway/known-limitations.md	Adds cross-links to upgrade/breaking changes/support/changelog and the new verification guide.
app/event-gateway/changelog.md	Adds related_resources to cross-link lifecycle/support pages and the new verification guide.
app/event-gateway/breaking-changes.md	Adds cross-links to known limitations and the new verification guide.
app/_how-tos/event-gateway/verify-image-signatures-and-attestations.md	New how-to describing Cosign signature and attestation verification and SBOM extraction for Event Gateway images.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.