Support multiple predicates when using cosign attest #4142

crispysipper opened this issue Apr 3, 2025 · 0 comments
Labels
enhancement New feature or request


Description

Support multiple predicates when creating a container image attestation, for instance, if a user wanted to attest to an SBOM and an image scan within the same image attestation. This could be done by using the --predicate flag multiple times or some sort of stringArray as an input value.

Example from my use case:

cosign attest --tlog-upload=false --yes --type https://cyclonedx.org/bom/v1.6 --predicate example-cyclonedx-scan.json --predicate example-cyclonedx-sbom.json --key <aws_cmk_key> ${image}@${DIGEST}

Current behavior:
It appears the second --predicate flag overwrites the first, and in the above instance there is no data embedded within the attestation for the example-cyclonedx-scan.json predicate; however, the data for example-cyclonedx-sbom.json is present.

Creating more than one attestation is not really a viable workaround and it is really clunky.

This is especially important for automated image building pipelines that use cosign in conjunction with declarative policy engines like Kyverno - especially since this issue remains unresolved: #2307

Honestly, before deprecating things like cosign attach sbom, cosign attest should be matured out a bit first to support flexible needs. However, if someone knows of an existing way to do this, please let me know. But I couldn't find anything in the documentation.
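
A pipeline-side sketch of the one-attestation-per-predicate approach, as an added example that is not part of the original issue or the cosign project's code: it checks every predicate file first, then issues one `cosign attest` call per file, so a scan result cannot be silently dropped the way the repeated `--predicate` flag is reported to drop it above. The `attest_each` function, the `COSIGN` variable and the `TYPE=FILE` argument format are assumptions of this example; the cosign flags are the ones used in the command above.

```shell
#!/bin/sh
# Added example (not cosign's own code). Assumption: COSIGN names the binary to
# run, so a pipeline or a test can substitute a wrapper or a stub.
COSIGN="${COSIGN:-cosign}"

# attest_each KEY IMAGE@DIGEST TYPE=FILE [TYPE=FILE ...]
# Runs one `cosign attest` per predicate. Each call yields its own attestation.
# The body is a subshell so the helper variables do not leak to the caller.
attest_each() (
  [ "$#" -ge 3 ] || { echo "usage: attest_each KEY IMAGE TYPE=FILE..." >&2; return 2; }
  key="$1"; image="$2"; shift 2

  # Validate everything up front: a missing or empty predicate must fail the
  # build before any attestation is signed, not leave the image half-attested.
  for pair in "$@"; do
    ptype="${pair%%=*}"; pfile="${pair#*=}"
    [ -n "$ptype" ] && [ "$ptype" != "$pair" ] || {
      echo "expected TYPE=FILE, got: $pair" >&2; return 2; }
    [ -s "$pfile" ] || { echo "missing or empty predicate: $pfile" >&2; return 1; }
  done

  # Exactly one --predicate per invocation, so nothing is overwritten.
  for pair in "$@"; do
    ptype="${pair%%=*}"; pfile="${pair#*=}"
    "$COSIGN" attest --tlog-upload=false --yes \
      --type "$ptype" --predicate "$pfile" \
      --key "$key" "$image" || return 1
  done
)

# Usage with the files from the issue (key and image are the issue's placeholders):
#   attest_each '<aws_cmk_key>' "${image}@${DIGEST}" \
#     "https://cyclonedx.org/bom/v1.6=example-cyclonedx-scan.json" \
#     "https://cyclonedx.org/bom/v1.6=example-cyclonedx-sbom.json"
```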
