UX: Improve the output for a successful signing

[yizha1]

Summary

Currently only a digest showed as the output after notation sign successfully executed. What is this digest about, the digest of the signature, signature manifest or image manifest? see example below:

notation sign --key $KEY_NAME $IMAGE
sha256:18adff7f255319415112345671bb41076de4a864eb792c35c20f0f6b4aa4c458

nowadays the digest is actually the digest of image manifest.

User Scenario

As a user, after I sign an image or artifact successfully, I want to know where the signature is stored and what the signature refers to, so that I can make sure the signature refers to a correct image or artifact, make sure sigature is stored properly, and I can CRUD later.

Improvement

Here is one idea of improving the output after a successful signing

notation sign --key $KEY_NAME $IMAGE
Signature is pushed to regsitry xxx.xxx.xxx, and refers to sha256:18adff7f255319415112345671bb41076de4a864eb792c35c20f0f6b4aa4c458

cc @shizhMSFT @dtzar @FeynmanZhou @SteveLasker

[shizhMSFT]

We might also need to make output script-friendly.

[dtzar]

We might also need to make output script-friendly.

Yes there could be something like a -o json option to output it json format

[yizha1]

Any comments? @dtzar @gokarnm @priteshbandi @iamsamirzon @vaninrao10 @patrickzheng200 , I will create PR to update spec sign.md later.

# sign an artifact identified by digest
> notation sign localhost:5000/net-monitor@sha256:1111111111111111111111111111111111111111111111111111111111111111
Sign success. Signature has been attached to localhost:5000/net-monitor@sha2561111111111111111111111111111111111111111111111111111111111111111

# sign an artifact identified by tag
> notation sign localhost:5000/net-monitor:v1
Warning: Tag is used. Always use digest to identify the reference uniquely and immutably.

Resolve tag "v1" to digest "sha256:1111111111111111111111111111111111111111111111111111111111111111"
Sign success. Signature has been attached to localhost:5000/net-monitor@sha256:1111111111111111111111111111111111111111111111111111111111111111

[FeynmanZhou]

@yizha1 Similar to my comments in #304 (comment), I suggest updating Sign success to Sign succeeded. This is more commonly used.

Another question, Notation has supported two signature envelope formats (JWS and COSE). Is it helpful to explicitly tell users about the signature envelope format they signed?

[patrickzheng200]

@yizha1 Similar to my comments in #304 (comment), I suggest updating Sign success to Sign succeeded. This is more commonly used.

Another question, Notation has supported two signature envelope formats (JWS and COSE). Is it helpful to explicitly tell users about the signature envelope format they signed?

@yizha1 I second what Feynman suggested.