Support custom Fulcio and Rekor configuration for verification

[tetsuo-cpp]

We're going to need this for sigstore/sigstore-conformance#25 as this is needed to point the client at mock servers during verification. At the moment, we expose the flag but don't support it:

    if args.staging:
        logger.debug("verify: staging instances requested")
        verifier = Verifier.staging()
    elif args.rekor_url == DEFAULT_REKOR_URL:
        verifier = Verifier.production()
    else:
        # TODO: We need CLI flags that allow the user to figure the Fulcio cert chain
        # for verification.
        args._parser.error(
            "Custom Rekor and Fulcio configuration for verification isn't fully supported yet!",
        )

[woodruffw]

Let's prioritize this, since it's a conspicuous gap in our functionality. We should see how cosign does this (e.g. which flag they use for the Fulcio cert chain) and try to mirror it 🙂

[tetsuo-cpp]

Sure, working on this now.