feat: bump-up tsa + e2e (CLI + K8S)

[junczhu]

Description

What this PR does / why we need it:

Which issue(s) this PR fixes *(optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged) *:

This is heading a new PoC branch and ready to merge
Bump-up notation-go and add timestamp, including related e2e tests
Reference: https://hackmd.io/CR_XKZsMSvyjjxU6fOqdcw?both

Bump-up: notation verifier dependency
Reference: https://github.com/ratify-project/ratify/pull/1685/checks?check_run_id=29115851961

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

• e2e: CLI - using valid cert, setting trust policy to always verify tsa signature
• e2e: CLI - using exp cert and setting trust policy to verify afterCertExpired
• e2e: CLI - verification failure for invalid root tsa cert

Checklist:

• Does the affected code have corresponding tests?
• Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
• Does this introduce breaking changes that would require an announcement or bumping the major version?
• Do all new files have appropriate license header?

Post Merge Requirements

• MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

[junczhu]

Local test: junczhu#5