docs: clarify asymmetric KMS key needed for signing #4276

@bm54cloud

Is your feature request related to a problem? Please describe.

Docs remain vague on using --signing-key. These two sites (https://docs.zarf.dev/commands/zarf_package_create/ and https://docs.zarf.dev/commands/zarf_package_publish/) state:
--signing-key string Private key for signing packages. Accepts either a local file path or a Cosign-supported key provider

Cosign supports KMS keys, but they must be asymmetric (vs symmetric) keys (which was also never really found in the Cosign documentation explicitly). Could we clarify the need for asymmetric keys in the documentation somewhere?

Describe the behavior you'd like

  • Given existing Zarf docs
  • When looking at zarf package create --signing-key and zarf package publish --signing-key
  • Then we clarify in the docs that if using a KMS key, it needs to be asymmetric

Describe alternatives you've considered

No change to documentation

Additional context

Would love to see a tutorial on the website specifically focusing on signing Zarf packages with a
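
A pre-flight check for the asymmetric-key requirement raised in this issue, added here as an illustration (it is not part of the issue, Zarf, or Cosign). It assumes AWS KMS as the provider, which the issue does not name, and reads the JSON printed by `aws kms describe-key --key-id <id>`; the sample responses and key IDs are constructed.

```python
import json

# Constructed DescribeKey-shaped responses (placeholder key IDs, not real output).
def _sample(key_id, usage, spec, state="Enabled"):
    return json.dumps({"KeyMetadata": {"KeyId": key_id, "KeyState": state,
                                       "KeyUsage": usage, "KeySpec": spec}})

SAMPLE_SYMMETRIC = _sample("EXAMPLE-SYM", "ENCRYPT_DECRYPT", "SYMMETRIC_DEFAULT")
SAMPLE_RSA_ENCRYPT = _sample("EXAMPLE-RSA-ENC", "ENCRYPT_DECRYPT", "RSA_2048")
SAMPLE_ECC_SIGN = _sample("EXAMPLE-ECC-SIGN", "SIGN_VERIFY", "ECC_NIST_P256")


def signing_key_problems(describe_key_json):
    """Return the reasons a KMS key cannot sign; an empty list means it can."""
    try:
        meta = json.loads(describe_key_json)["KeyMetadata"]
    except (ValueError, KeyError, TypeError):
        return ["not a DescribeKey response"]
    if not isinstance(meta, dict):
        return ["not a DescribeKey response"]

    problems = []
    spec = meta.get("KeySpec", "")
    # SYMMETRIC_DEFAULT and HMAC_* specs have no public key to verify against.
    if spec == "SYMMETRIC_DEFAULT" or spec.startswith("HMAC_"):
        problems.append("KeySpec %s is symmetric; signing needs an asymmetric key" % spec)
    # An asymmetric key created for encryption still cannot produce signatures.
    if meta.get("KeyUsage") != "SIGN_VERIFY":
        problems.append("KeyUsage is %s, expected SIGN_VERIFY" % meta.get("KeyUsage"))
    if meta.get("KeyState") != "Enabled":
        problems.append("KeyState is %s, expected Enabled" % meta.get("KeyState"))
    return problems


if __name__ == "__main__":
    for name, doc in [("symmetric", SAMPLE_SYMMETRIC),
                      ("rsa-encrypt", SAMPLE_RSA_ENCRYPT),
                      ("ecc-sign", SAMPLE_ECC_SIGN)]:
        print(name, signing_key_problems(doc) or "ok for signing")
```

Running this against the real `describe-key` output before passing the key to `--signing-key` surfaces a wrong key type up front rather than at signing time.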
