Conversation

@anithapriyanatarajan
Contributor

Changes

This pull request updates the JWT token used in the x509_test.go test file to use the RS256 algorithm instead of HS256. This change ensures compatibility with cosign v2.6.0 and newer, which require RS256-signed tokens.

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs included if any changes are user facing
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including functionality, content, code)
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

Breaking Change:

Due to the upgrade of Cosign from v2.5.3 to v2.6.0 (PR #1441), Tekton Chains now requires identity tokens for Fulcio signing to use the RS256 algorithm instead of HS256 or other symmetric algorithms.

Impact:

If you are using Fulcio for keyless signing with custom identity tokens (via signers.x509.identity.token.file configuration), you must ensure your tokens are signed using the RS256 (RSA with SHA-256) algorithm.
Tokens using HS256, HS384, HS512, or other non-RS256 algorithms will be rejected, causing signature operations to fail with errors like: new signer: reading id token: getting id token: open <token>: no such file or directory

Who is affected:

- Users who provide custom JWT identity tokens for Fulcio authentication
- Users who have implemented custom OIDC token providers with non-RS256 algorithms
- Default Kubernetes service account tokens and standard OIDC providers (Google, GitHub, etc.) are not affected as they already use RS256

Action required:

Update your identity token generation to use the RS256 algorithm. If using custom token generation scripts, ensure they sign with RSA keys.
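An added example (not Tekton Chains or cosign code) of what the action item asks for: minting an RS256-signed identity token with Go's standard library, and a pre-flight check that reads the token header's alg before a file is referenced from signers.x509.identity.token.file. The claim values and the 2048-bit test key are constructed for the demo; the check inspects only the header and does not verify the signature.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// MintRS256Token signs claims as RS256 (RSASSA-PKCS1-v1_5 over SHA-256).
func MintRS256Token(key *rsa.PrivateKey, claims map[string]any) (string, error) {
	body, _ := json.Marshal(claims) // map of plain values; cannot fail
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// RequireRS256 reads "alg" from a compact JWT header and rejects anything but RS256 (header check only, no signature verification).
func RequireRS256(tok string) error {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return fmt.Errorf("expected 3 dot-separated segments, got %d", len(parts))
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.NewDecoder(base64.NewDecoder(b64, strings.NewReader(parts[0]))).Decode(&hdr); err != nil {
		return fmt.Errorf("decoding JWT header: %w", err)
	}
	if hdr.Alg != "RS256" {
		return fmt.Errorf("identity token uses alg %q; cosign v2.6.0+ requires RS256", hdr.Alg)
	}
	return nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key, not a production signing key
	tok, _ := MintRS256Token(key, map[string]any{"sub": "demo-subject", "aud": "sigstore"})
	fmt.Println("RS256 token accepted:", RequireRS256(tok) == nil)
}
```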

@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Nov 5, 2025
@anithapriyanatarajan
Contributor Author

Screenshot of a local unit test showing that the change of token fixes the issue reported while executing go test -v -run "^TestCreateSignerFulcioEnabled$" ./pkg/chains/signing/x509/ in PR https://github.com/tektoncd/chains/pull/1463

[Screenshot From 2025-11-05 09-25-22]

@jkhelil
Member

jkhelil commented Nov 5, 2025

/approve

@tekton-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jkhelil

@jkhelil
Member

jkhelil commented Nov 5, 2025

/lgtm

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 5, 2025
@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Nov 5, 2025
@tekton-robot tekton-robot merged commit c35452b into tektoncd:main Nov 5, 2025
14 checks passed