We want this in the release image so the cluster-version operator in an OCP cluster knows that releases come from quay.io/openshift-release-dev/ocp-release while OKD clusters know that releases come from quay.io/okd/scos-release. The existing release-verification ConfigMap manifest (currently used for OpenPGP keyrings and signature locations) is a reasonable location for this security-sensitive content. The structure should be designed to allow rotation with overlap, in case the canonical location for release images moves in the future (e.g. OKD moving from quay.io/openshift/okd to quay.io/okd/scos-release).

Once merged, the cluster-version operator consuming the new data to implement a guard for standalone release-acceptance would be a follow-up Story.