Add flag to disable signature check

[mm-chia]

Currently, installing Tofu v1.8.0-beta2 fails because of signature issues (I assume they only do this for regular releases, not on pre-release versions?).

It would be nice if tenv had a flag to disable signature checks, for cases like these, because I am forced to install this tofu version manually :(

thanks!

Installing OpenTofu 1.8.0-beta2
Fetching release information from https://api.github.com/repos/opentofu/opentofu/releases/tags/v1.8.0-beta2
Downloading https://github.com/opentofu/opentofu/releases/download/v1.8.0-beta2/tofu_1.8.0-beta2_darwin_arm64.zip
Downloading https://github.com/opentofu/opentofu/releases/download/v1.8.0-beta2/tofu_1.8.0-beta2_SHA256SUMS
Downloading https://github.com/opentofu/opentofu/releases/download/v1.8.0-beta2/tofu_1.8.0-beta2_SHA256SUMS.sig
Downloading https://github.com/opentofu/opentofu/releases/download/v1.8.0-beta2/tofu_1.8.0-beta2_SHA256SUMS.pem
Error: cosign check failed
Usage:
  tenv tofu install [version] [flags]
...

A possible workaround is to remove cosign package before running this command and re-installing it afterwards.
But it's ugly :)

[kvendingoldo]

Agree, that it's a good idea to skip verification check for such cases

[dvaumoron]

It seem they have changed the identity used with cosign for non stable release, found in their doc :

# For alpha and beta builds use /main

TODOs for tenv :

• fix the corner case to check alpha and beta signature correctly
• add a flag to skip signature to prevent blocking our users on such drift

[mm-chia]

Great job, I tested using tenv 2.6.0 and the skip signature flag works as expected.
Thank you!