feat: OCI referrers API for signature and SBOM discovery #24

@michael-herwig

Context

OCI 1.1 introduced the subject field and referrers API, enabling artifacts (signatures, SBOMs, attestations) to be attached to other artifacts in the same registry. Tools like cosign and notation already use this for container images.

OCX has an ADR (adr_oci_artifact_enrichment.md) covering this design space. This issue tracks the implementation work to bring it to life.

Ref: Nesbitt's article on OCI and package registries argues this is the strongest benefit of OCI adoption — inheriting the entire signing/attestation ecosystem rather than building bespoke infrastructure.

Scope

Phase 1: Discovery

  • ocx verify <pkg> — discover and validate cosign/notation signatures via referrers API
  • ocx sbom <pkg> — discover and fetch attached SBOMs via referrers API
  • Read-only operations against existing OCI referrers

Phase 2: Attach (future)

  • ocx package sign — sign a pushed artifact, attach via subject
  • ocx package attest — attach SBOM/provenance during ocx package push

Prior Art

  • ADR: .claude/artifacts/adr_oci_artifact_enrichment.md
  • cosign: cosign verify --key <key> <image> uses referrers
  • notation: notation verify <image> uses referrers
  • ORAS: oras discover <artifact> lists referrers

Open Questions

  • Should ocx install auto-verify signatures if a policy is configured?
  • What signature formats to support initially (cosign keyless, notation, both)?
  • How to handle registries that don't support the referrers API (fallback tag scheme)?
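The Phase 1 discovery step and the fallback question above, as an added example that is not ocx code: a client that queries the OCI 1.1 referrers endpoint, falls back to the `<alg>-<hex>` tag when the registry answers 404, filters by artifactType on the client side, and verifies that each referrer it fetches is content-addressed and really names the expected subject. The injected `fetch` callable, the repository name and the artifactType values are assumptions and constructed samples.

```python
import hashlib
import json
from typing import Callable, Optional

# fetch(path) -> (status, body). Injected so the logic can be exercised offline
# against a constructed registry; a real one would wrap urllib/requests.
Fetcher = Callable[[str], tuple[int, bytes]]
OCI_INDEX = "application/vnd.oci.image.index.v1+json"

def fallback_tag(digest: str) -> str:
    """Tag-scheme fallback name: 'sha256:abc...' -> 'sha256-abc...'."""
    alg, _, hex_ = digest.partition(":")
    if not alg or not hex_:
        raise ValueError(f"malformed digest: {digest!r}")
    return f"{alg}-{hex_}"

def discover(fetch: Fetcher, repo: str, digest: str,
             artifact_type: Optional[str] = None) -> list[dict]:
    """List referrer descriptors of `digest`, optionally filtered by artifactType."""
    status, body = fetch(f"/v2/{repo}/referrers/{digest}")
    if status == 404:  # registry predates OCI 1.1: consult the fallback tag
        status, body = fetch(f"/v2/{repo}/manifests/{fallback_tag(digest)}")
        if status == 404:
            return []  # nothing attached under either scheme
    if status != 200:
        raise RuntimeError(f"referrers lookup failed with HTTP {status}")
    index = json.loads(body)
    if index.get("mediaType") != OCI_INDEX:
        raise ValueError("referrers response is not an OCI image index")
    # Filter client-side: a registry may ignore ?artifactType=, and the
    # fallback tag carries no filter at all.
    return [m for m in index.get("manifests", [])
            if "digest" in m and (artifact_type is None
                                  or m.get("artifactType") == artifact_type)]

def fetch_referrer(fetch: Fetcher, repo: str, desc: dict, subject: str) -> dict:
    """Fetch a referrer manifest and check it really refers to `subject`.
    The index (especially a fallback tag, which anyone with push access can
    overwrite) is untrusted: verify the content digest and the subject link."""
    status, body = fetch(f"/v2/{repo}/manifests/{desc['digest']}")
    if status != 200:
        raise RuntimeError(f"manifest fetch failed with HTTP {status}")
    alg, _, expected = desc["digest"].partition(":")
    if alg != "sha256" or hashlib.sha256(body).hexdigest() != expected:
        raise ValueError("referrer content does not match its digest")
    manifest = json.loads(body)
    if manifest.get("subject", {}).get("digest") != subject:
        raise ValueError("referrer does not point at the expected subject")
    return manifest
```

Signature validation itself (cosign or notation verification of the fetched manifest) is a separate step that consumes the manifests this code returns.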