add signedEntryTimestamp signature when getting entries and client verification

[asraa]

Only upload (CreateLogEntry) returns a logEntryAnon that contains a signature on the (log ID, log index, body, integrated time) (the signedEntryTimestamp). We do not store the sigs on the log. Assuming that someone can/should be monitoring rekor, we mostly trust the times in the log. When retrieving the entry from rekor, we want verification rekor signed off on this entry when giving it to us, ensuring no one tweaked the timestamp between the log and the retrieval. This PR:

• Adds a signature on any entries that are retrieved from the log.
• Adds client verification when getting an entry by index or UUID

When cosign verifies an entry signed by short-lived cert from the TLOG, it uses the integrated time for verification. Now it can check the sig before using it sigstore/cosign#371

Testing captures this signature verification, get now requires verifyLogEntry to succeed.

Signed-off-by: Asra Ali asraa@google.com