ci/cd: migrate to cosign v3 bundles and update installer to v4.1.0 #7674

Open
FreyreCorona wants to merge 2 commits into caddyserver:master from FreyreCorona:update-cosign-cli-usage

Conversation

@FreyreCorona
Contributor

Description
This PR updates the artifact signing process to comply with Cosign v3 standards, which now favor the use of unified bundles (.sigstore files) over detached signatures and certificates.

Changes

  • GoReleaser: Updated .goreleaser.yml to use the --bundle flag. This packages the signature, certificate, and transparency log entry into a
    single .sigstore file.
  • Workflow: Removed the obsolete COSIGN_EXPERIMENTAL: 1 environment variable, as keyless signing is now the default in Cosign v3.
  • Installer: Updated sigstore/cosign-installer to version v4.1.0 using its verified commit SHA (ba7bc0a3fef59531c69a25acd34668d6d3fe6f22) to
    ensure compatibility with Cosign 3.x.

Testing
Verified in a fork that:

  • The sigstore/cosign-installer correctly resolves and installs Cosign v3.0.6.
  • The --bundle flag in sign-blob correctly generates the expected artifacts.
  • The workflow proceeds without requiring the experimental flag.

Assistance Disclosure
I used Gemini CLI to research the Cosign v3 breaking changes, verify the final implementation, and generate the commit messages and PR message.
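The PR's own diff is not shown on this page; as an added illustration (not Caddy's actual `.goreleaser.yml`), here is a GoReleaser `signs` entry in the pre-v3 detached style beside the bundle style the description refers to, with a consumer-side verification command in comments. The identity regexp is a placeholder a consumer would fill in with the release workflow's OIDC identity.

```yaml
# Added example, not this PR's diff: the same GoReleaser `signs` entry
# in the detached style (before) and the Cosign v3 bundle style (after).
# The two documents are separated with `---` only so both fit in one file.

# Before: detached signature plus certificate, two files per artifact.
signs:
  - cmd: cosign
    certificate: "${artifact}.pem"
    signature: "${artifact}.sig"
    args:
      - sign-blob
      - "--output-certificate=${certificate}"
      - "--output-signature=${signature}"
      - "${artifact}"
      - "--yes"
    artifacts: checksum
---
# After: one .sigstore bundle carrying the signature, the signing
# certificate and the transparency log entry. COSIGN_EXPERIMENTAL is no
# longer needed because keyless signing is the Cosign v3 default.
signs:
  - cmd: cosign
    signature: "${artifact}.sigstore"
    args:
      - sign-blob
      - "--bundle=${signature}"
      - "${artifact}"
      - "--yes"
    artifacts: checksum

# Consumer-side check of a downloaded checksum file and its bundle (shell).
# Pin the verification to the expected workflow identity and the GitHub
# Actions OIDC issuer; a bundle signed by any other identity is rejected.
# <workflow identity regexp> is a placeholder for the release workflow URL.
#
#   cosign verify-blob \
#     --bundle checksums.txt.sigstore \
#     --certificate-identity-regexp '<workflow identity regexp>' \
#     --certificate-oidc-issuer https://token.actions.githubusercontent.com \
#     checksums.txt
```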

@francislavoie francislavoie added the CI/CD 🔩 Automated tests, releases label Apr 27, 2026
