Allow "Issuer" and "Subject" during a verification to be the Distinguished Names "Common Name" Fields.
When using a public CA (similar to https://linuxera.org/signing-verifying-container-images-with-cosign-own-pki/), setting extensions to a certificate is not always possible. In this case, using the "Common Name" fields of Subject and Issuer would allow the Issuer and subject to still be verified, but by using "standard" x509 information.
A new `CheckOpts` could be added `UseCommonNames` and the `CheckCertificatePolicy` function could set `oidcIssuer` to `cert.Issuer.CommonName` and `sans` to `[]string{cert.Subject.CommonName}` when the new option is set.
In Cosign, we currently expect certificates to conform to the Sigstore certificate profile. I'd prefer to see this implemented as an inspect command that lets verifiers apply custom policy checks rather than grow the API. Long-term, we could support more of these options, but would want to do so in a dedicated API for bring-your-own PKI that doesn't conform to the certificate profile.
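The Common Name comparison discussed in this thread, written as a standalone verifier-side policy check. This is an added example using only the Go standard library, not Cosign code or its API. `checkCommonNames` and `newSamplePKI` are hypothetical names, and the CA and signer names are constructed sample values. The chain is validated against a pinned root before the names are compared, because a Common Name only identifies a signer relative to the CA that issued it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkCommonNames (hypothetical): validate the chain to a pinned root, then compare the CN fields.
func checkCommonNames(leaf *x509.Certificate, roots *x509.CertPool, issuerCN, subjectCN string) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("chain validation: %w", err)
	}
	if leaf.Issuer.CommonName != issuerCN {
		return fmt.Errorf("issuer CN %q, want %q", leaf.Issuer.CommonName, issuerCN)
	}
	if leaf.Subject.CommonName != subjectCN {
		return fmt.Errorf("subject CN %q, want %q", leaf.Subject.CommonName, subjectCN)
	}
	return nil
}

// newSamplePKI builds a constructed root and code-signing leaf; errors are ignored in this sample generator only.
func newSamplePKI(caCN, leafCN string) (*x509.CertPool, *x509.Certificate) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: caCN},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	caCert, _ := x509.ParseCertificate(caDER)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: leafCN}, NotBefore: nb,
		NotAfter: na, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	leaf, _ := x509.ParseCertificate(leafDER)
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	return pool, leaf
}

func main() {
	roots, leaf := newSamplePKI("Example CA", "release-signer")
	fmt.Println(checkCommonNames(leaf, roots, "Example CA", "release-signer"))
}
```

A certificate from a different CA that carries the same two Common Names fails at the chain step, which is the case a string comparison alone would miss.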