Improper Input Validation

Summary

sigstore-java is a sigstore Java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of `KeylessVerifier.verify()`. Currently, checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log-in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log-in question. This may eventually lead to a monitor/witness being unable to detect when compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp, we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore, the impact on clients that are not monitors/witnesses is very low. This issue affects dev.sigstore:sigstore-java versions prior to 1.2.0.