Downgrade cosign-installer from v4.0.0 to v3.10.1 to fix signing failure (#22)

The cosign-installer v4.0.0 installs cosign v3.x which has breaking changes
in the sign-blob command that are incompatible with our goreleaser
configuration. Cosign v3.x requires the --bundle flag with signing configs,
causing the release workflow to fail with:
"Error: must provide --bundle with --signing-config or --use-signing-config"

Evidence:
- Toolhive hit the same issue in v0.3.10 release (Oct 17, 2025)
- Fixed by reverting to cosign-installer v3.10.1 in commit 012d3b88
- v3.10.1 installs cosign v2.6.1 which works with existing config

This matches the version used by the main toolhive project.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <[email protected]>

Author: jhrozek

.github/workflows/releaser.yml

@@ -75,7 +75,7 @@ jobs:
         uses: anchore/sbom-action/download-syft@aa0e114b2e19480f157109b9922bda359bd98b90 # v0.20.8
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+        uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
 
       - name: Build and Verify Binary Version
         env: