feat(viper): support viper configuration for sign/verify

[brandtkeller]

Description

This adds viper configuration for zarf package sign|verify.

Notably it adds the viper configurations for verify under the root of package instead of package.verify. This is for a few reasons:

1. We potentially want to introduce flags for the verification flags on all package commands. As such this should probably be common configuration as seen by the pre-existence of package.public_key which has always been a root package viper config.
2. It allows us to continue using the existing package.verify as a boolean for the enforcement behaviors without creating any breaking changes

There is optionality here and is highly subjective. We could implement package.verify.* as the placeholder. It follows existing conventions for the commands. verify is a nuanced command / workflow in that we intend to continue to support its use on all package load operations. The same may not necessarily apply to signing as I believe we can encourage users to implement that in multiple steps.

Related Issue

Fixes #4907

Checklist before merging

• Test, docs, adr added or updated as needed
• Contributor Guide Steps followed

[netlify]

✅ Deploy Preview for zarf-docs canceled.

Name	Link
🔨 Latest commit	be82151
🔍 Latest deploy log	https://app.netlify.com/projects/zarf-docs/deploys/6a21beb60e8e3200094df745

[codecov]

Codecov Report

❌ Patch coverage is 74.35897% with 10 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
src/cmd/package.go	67.74%	8 Missing and 2 partials ⚠️

Files with missing lines	Coverage Δ
src/cmd/viper.go	38.93% <100.00%> (-16.99%)	⬇️
src/cmd/package.go	37.06% <67.74%> (-1.29%)	⬇️

... and 2 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.