cosign private rekor sever

[NissesSenap]

Today OCIRepository supports keyles verification of the public sigstore server using:

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: cert-manager
spec:
  verify:
    provider: cosign

This is great, but I can see that people don't want to use the public sever and instead want to use a locally hosted one.

It would be a nice addition to add support to customize the rekor endpoint being used.