Only one legacy cosign signature been replicated as accessory while several attached in the src artifact

[MinerYang]

Description
When we are using legacy cosign singing images in a source Harbor and replicate into target Harbor instance, there's only one signature been attached to subject artifact in the target Harbor instance due to legacy cosign using specific tag sha256-<subject-digest-xxxx>.sig to reference its subject.Since only one signature remain tagged and could establish relationship with subject when pushing to target Harbor. While other signatures been untagged and replicated as individual artifacts.

Step1 signing a image several time using legacy cosign in the source harbor instance

Step2 replicate to the target harbor instance

Step3 We will see only one signature with specific tag sha256-xxxxxx.sig been attached with subject artifact, the untagged one will been populate as an individual image in the UI.

[wy65701436]

In harbor, we only support a single signature using the default mode of cosign image signing. If you need to sign an artifact multiple times with cosign, please use the OCI 1.1 mode for signing the artifacts.