fix: CVE-2025-66506 - upgrade cosign to 2.6.2

[infernus01]

Changes

Scope of this fix is to address CVE-2025-66506 by upgrading cosign from version 2.6.0 to 2.6.2 which has indirect dependency on fulcio 1.8.4

/kind bug

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

• Has Docs included if any changes are user facing
• Has Tests included if any functionality added or changed
• Follows the commit message standard
• Meets the Tekton contributor standards (including
  functionality, content, code)
• Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
• Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

NONE

[anithapriyanatarajan]

/ok-to-test

[anithapriyanatarajan]

/hold

[anithapriyanatarajan]

/ok-to-test

[anithapriyanatarajan]

/hold cancel

[vdemeester]

@anithapriyanatarajan it probably will need a rebase to pickup the fixes in #1542.

[anithapriyanatarajan]

@infernus01 could you rebase

[anithapriyanatarajan]

/approve

[anithapriyanatarajan]

/lgtm

[anithapriyanatarajan]

/approve
/lgtm

[tekton-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: anithapriyanatarajan
To complete the pull request process, please assign wlynch after the PR has been reviewed.
You can assign the PR to them by writing /assign @wlynch in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment