
Is there any discussion around why you require all container images to be signed? I understand that you want to provide a means of identifying that user X signed (well, key Y signed it -- hopefully that is user X) the container, but it's putting the cart before the horse.

Maybe I'm missing something, but this completely ignores that the biggest security issue is people and process. You can't require people to have good process. IMHO, requiring gpg signatures WEAKENS security, because the people that don't care or don't have strong security requirements are going to play fast and loose with their keys. If you don't require gpg signatures, you can let those people signal their lack of security by having "naked" images. (i.e., a security audit will catch that really fast and then force a reasoned discussion about key trust.)

Requiring gpg signatures gives the illusion that all of the images are somehow more secure.


