cosign/system_config/custom_components incorrectly says 'cosign verify --trusted-root` is available

[dmitris]

Description
https://docs.sigstore.dev/cosign/system_config/custom_components/ bullet 3. states:

You can then supply that trusted root file to cosign verify commands with --trusted-root.

However, cosign verify currently doesn't (yet) support the --trusted-root parameter - building cosign from the trunk (commit 795289124edd46d4e2ab588b426a8314bc13cf1f), you get the error:

$ ./cosign verify --trusted-root=trustedroot.json --onlineTlog=false --requireTlog=false --ignore-sct=true image-name:tag
Error: unknown flag: --trusted-root
main.go:74: error during command execution: unknown flag: --trusted-root

The docs line is added in pr327

Suggested solution: modify the doc to say something like:

You can then supply that trusted root file to the `cosign verify-bundle` command with --trusted-root; in the future, this option will also be supported by `cosign verify`.

Version

$ cosign version
GitVersion:    v2.4.1-16-g79528912
GitCommit:     795289124edd46d4e2ab588b426a8314bc13cf1f
GitTreeState:  clean
BuildDate:     2024-11-13T01:47:43Z
GoVersion:     go1.23.3
Compiler:      gc
Platform:      darwin/arm64

/cc @steiza