fix(release): force legacy cosign bundle format

cosign v3 defaults to --new-bundle-format=true, which emits a single
.sigstore.json bundle and ignores --output-signature/--output-certificate.
Goreleaser's sign step still expects separate .sig and .pem files
alongside each artifact, so forcing --new-bundle-format=false preserves
the existing file layout without a goreleaser-side migration.

Author: adrianbrad

.goreleaser.yaml

@@ -30,6 +30,7 @@ signs:
     certificate: "${artifact}.pem"
     args:
       - sign-blob
+      - --new-bundle-format=false
       - --output-certificate=${certificate}
       - --output-signature=${signature}
       - ${artifact}