GPG-signed artifacts are common enough that it might be nice to be able to add this validation directly into the LLB.
There is already a Go GPG implementation that could be used to do this verification without having to depend directly on gnupg.
One additional, perhaps special, case of this would be validating git commits/tags.
Agree on this, but we need a more specific design proposal. Questions are how you define the trust root (e.g. if that Dockerfile --verify is possible) and how it integrates with provenance attestation. In provenance, where we currently have digests, there should be a way to save the signature and enough data to verify the signer identity. Eventually GPG should be available for both llb.HTTP and llb.Git. llb.Image would use something similar but some container image signature instead of GPG.
We've also discussed special code for "package signatures" in the past with @AkihiroSuda, namely Alpine and Debian. E.g. provenance created by https://github.com/tonistiigi/buildkit-alpine has all apk in provenance materials as URLs, and one could rebuild it without any network access. But the problem is that you somehow arbitrarily need to trust the checksums in the materials array. Ideally, instead I'd like to say that I trust ncopa's GPG key, that key has signed the apk keys, and then verify that all the apk blobs are correctly signed.
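The trust-root model in the comment above (trust one key, that key certifies the package signing keys, those keys sign the blobs, and a bare checksum in the materials array is never enough on its own) as an added example that is not part of this issue or of BuildKit's code; it assumes Ed25519 from the Go standard library as a stand-in for GPG, and the `Material` struct and function names are hypothetical:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Material mirrors one provenance materials entry: the artifact bytes plus
// what is needed to verify the signer, not just a digest. Hypothetical layout.
type Material struct {
	Blob       []byte
	BlobSig    []byte            // signature over Blob by SigningKey
	SigningKey ed25519.PublicKey // e.g. an apk signing key
	KeyCert    []byte            // signature over SigningKey by the trust root
}

// VerifyMaterial walks the chain: the trust root must certify the signing
// key, and the signing key must sign the blob. A checksum alone is not trusted.
func VerifyMaterial(root ed25519.PublicKey, m Material) error {
	if !ed25519.Verify(root, m.SigningKey, m.KeyCert) {
		return errors.New("signing key is not certified by the trust root")
	}
	if !ed25519.Verify(m.SigningKey, m.Blob, m.BlobSig) {
		return errors.New("blob signature does not verify under the signing key")
	}
	return nil
}

// NewSignedMaterial builds a constructed sample entry: the root certifies a
// fresh signing key, which then signs the blob.
func NewSignedMaterial(rootPriv ed25519.PrivateKey, blob []byte) Material {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Material{
		Blob:       blob,
		BlobSig:    ed25519.Sign(priv, blob),
		SigningKey: pub,
		KeyCert:    ed25519.Sign(rootPriv, pub),
	}
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader) // the one key we trust
	good := NewSignedMaterial(rootPriv, []byte("constructed apk bytes"))
	fmt.Println("certified chain:", VerifyMaterial(rootPub, good))
	// Same blob, same checksum, but signed by a key the root never certified.
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	rogue := NewSignedMaterial(roguePriv, good.Blob)
	fmt.Println("uncertified key:", VerifyMaterial(rootPub, rogue))
}
```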