CGA-c92q-vh28-wcfp

Remediating GHSA-4qg8-fj49-pxjh requires upgrading github.com/sigstore/timestamp-authority from v1.2.9 to v2.0.3. github.com/sigstore/timestamp-authority is a transitive dependency pulled in via github.com/aquasecurity/trivy. Current latest upatream github.com/aquasecurity/trivy is still pinned to a vulnerable version of github.com/sigstore/timestamp-authority