Add information regarding artifact signing

[simcod]

Description

Adds a section for artifact signing and the current status within metal-stack.

References: #49

[netlify]

✅ Deploy Preview for metal-stack-io ready!

Name	Link
🔨 Latest commit	780c3bc
🔍 Latest deploy log	https://app.netlify.com/projects/metal-stack-io/deploys/68be9231adbf4200080de4e0
😎 Deploy Preview	https://deploy-preview-88--metal-stack-io.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[simcod]

@Gerrit91 I don't think there's much more to say on this topic at the moment?

[Gerrit91]

You need to say how you can verify the signed images and also an example for how to deploy an admission controller would be nice that prevents provisioning unsigned images (+ mini-lab PR maybe?).

[vknabel]

@Gerrit91 @simcod should we just merge this PR and address #88 (comment) in a future PR or should we keep this open until done?

[Gerrit91]

The decision needs to be made how we want to sign. I do both keyless and with private key at the moment. Keyless for convenience and private key for independence from an OIDC provider.

I think this PR lacks information, which needs to be added in order to provide value to the readers.

There's also overlap now with #146.