OBOM should support handling of signed and optionally transparent SBOMS

OBOM should support handling of signed and optionally transparent SBOMs that use Indirect (CoseHashEnvelope) Cose signatures which are attached to the SBOM on both push and pull to further enhance supply chain security.