Explicitly disable auth for the sigstore-tuf-root. (#528)

I had expired credentials that were causing this to fail. The bucket
is public, so we should just not use auth (which apparently requires being
explicit).

Signed-off-by: Dan Lorenc <[email protected]>

Author: dlorenc

go.mod

@@ -28,6 +28,7 @@ require (
 	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
+	google.golang.org/api v0.50.0
 	k8s.io/api v0.22.0
 	k8s.io/apimachinery v0.22.0
 	k8s.io/client-go v0.22.0

pkg/cosign/tuf/store.go

@@ -22,6 +22,7 @@ import (
 
 	"cloud.google.com/go/storage"
 	"github.com/theupdateframework/go-tuf/client"
+	"google.golang.org/api/option"
 )
 
 type GcsRemoteOptions struct {
@@ -47,7 +48,7 @@ func GcsRemoteStore(ctx context.Context, bucket string, opts *GcsRemoteOptions,
 	store := gcsRemoteStore{ctx: ctx, bucket: bucket, opts: opts, client: client}
 	if client == nil {
 		var err error
-		store.client, err = storage.NewClient(ctx)
+		store.client, err = storage.NewClient(ctx, option.WithoutAuthentication())
 		if err != nil {
 			return nil, err
 		}