Fix LoadPrivateKey API breaking change for cosign v2.6.0

- Add LoadOption parameter to LoadPrivateKey calls in x509.go and clients.go
- Pass nil for defaultLoadOptions to use sensible defaults (ED25519ph)
- Update both production code and test code to match new API

The LoadPrivateKey function signature changed in cosign v2.6.0 to
include a third parameter for LoadOption configuration. Passing nil
uses the default ED25519ph behavior which is appropriate for this
use case.

Co-authored-by: Claude Sonnet <claude@anthropic.com>
Signed-off-by: arewm <arewm@users.noreply.github.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

Author: arewm

pkg/chains/signing/x509/x509.go

@@ -202,7 +202,7 @@ func cosignSigner(ctx context.Context, secretPath string, privateKey []byte) (*S
 	if err != nil {
 		return nil, errors.Wrap(err, "reading cosign.password file")
 	}
-	signer, err := cosign.LoadPrivateKey(privateKey, password)
+	signer, err := cosign.LoadPrivateKey(privateKey, password, nil)
 	if err != nil {
 		return nil, err
 	}

test/clients.go

@@ -237,7 +237,7 @@ func setupSecret(ctx context.Context, t *testing.T, c kubernetes.Interface, opts
 		}
 		s.StringData[p] = string(b)
 	}
-	cosignPriv, err := cosign.LoadPrivateKey([]byte(s.StringData["cosign.key"]), []byte(s.StringData["cosign.password"]))
+	cosignPriv, err := cosign.LoadPrivateKey([]byte(s.StringData["cosign.key"]), []byte(s.StringData["cosign.password"]), nil)
 	if err != nil {
 		t.Fatal(err)
 	}