Follow up from #1363:
- the signing config from the sigstore instance may now provide a "ServiceSelector" value that instructs the client to use multiple services
- we currently only support ANY, and for TSA pick the first TSA only
We should support other service selector values and multiple TSAs when signing, but this is not critical right now because:
- public good signing config likely will only have one TSA in foreseeable future
- we also don't have a good story for more complicated verification policy -- how does client decide how many tsas it needs?
Follow up from #1363:
We should support other service selector values and multiple TSAs when signing, but this is not critical right now because: