Closed
Description
Let's add an experimental TLOG mode to the tool. This will look like:
TLOG=1 cosign sign ...
and
TLOG=1 cosign verify ...
The tlog server will default to api.rekor.dev, and can be overridden with the REKOR_SERVER env variable.
TLOG=1 cosign sign will publish the signature, public key and payload to the Rekor tlog.
TLOG=1 cosign verify will verify the signature, public key and payload are in the tlog, as well as verifying the signature itself.
Both commands will record the state of the tlog in the .rekor/state.json configuration file and audit the log on each invocation.
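The "record the state, then audit on each invocation" step described in the issue, as an added example that is not cosign's or Rekor's code. The `State` struct is a hypothetical shape for `.rekor/state.json`, RFC 6962-style hashing is an assumption, and the check replays all entries where a production client would typically request a consistency proof.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

// State is a hypothetical shape for .rekor/state.json (the issue defines none).
type State struct {
	TreeSize int
	RootHash []byte
}

// merkleRoot computes the RFC 6962 Merkle tree hash over leaves.
func merkleRoot(leaves [][]byte) []byte {
	var in []byte // empty tree: hash of the empty string
	if n := len(leaves); n == 1 {
		in = append([]byte{0x00}, leaves[0]...) // leaf prefix
	} else if n > 1 {
		k := 1 // largest power of two strictly below n
		for k*2 < n {
			k *= 2
		}
		in = append([]byte{0x01}, merkleRoot(leaves[:k])...) // node prefix
		in = append(in, merkleRoot(leaves[k:])...)
	}
	h := sha256.Sum256(in)
	return h[:]
}

// Audit checks the log still begins with the history in prev (first run: trust on first use).
func Audit(prev State, leaves [][]byte) (State, error) {
	if len(leaves) < prev.TreeSize {
		return prev, errors.New("log is shorter than recorded state")
	}
	if prev.TreeSize > 0 && !bytes.Equal(merkleRoot(leaves[:prev.TreeSize]), prev.RootHash) {
		return prev, errors.New("recorded history was rewritten")
	}
	return State{TreeSize: len(leaves), RootHash: merkleRoot(leaves)}, nil
}

func main() {
	entries := [][]byte{[]byte("entry-1"), []byte("entry-2")} // constructed entries
	st, _ := Audit(State{}, entries)
	st, err := Audit(st, append(entries, []byte("entry-3")))
	fmt.Println(st.TreeSize, err) // clean append passes
}
```

A failed audit returns the previous state unchanged, so a caller that persists only on success never overwrites its last known-good checkpoint.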