docs: Improve docs for tag-based attachment discovery scheme

[imjasonh]

Description

The tag naming scheme cosign relies on to attach signatures, SBOMs, etc., to images in any OCI registry is not very well documented.

https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#tag-based-discovery mentions the .sig suffix for signatures, but there aren't similar docs for attestations or SBOMs.

CLI docs for cosign attach attestation make a brief mention of the attachment prefix, but don't go into much detail about the suffix, i.e., what AttachmentName refers to, or is in the case of attestations.

      --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]   optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]

I think we might want to hoist the tag-based discovery docs out into a separate spec, and reference them from docs for signatures, SBOMs, attestations, etc., as specific examples of attachments.

[znewman01]

This will be obsoleted by #1397 IIUC