Expanding on OTA-831, teach oc-mirror to consume OSUS API to include signatures (OTA-949) in the graph data image built (for the releases being mirrored by oc-mirror).

Cincinnati is an update protocol designed to facilitate automatic updates. 
Oc-mirror uses the new Cincinnati endpoint https://api.openshift.com/api/upgrades_info/graph-data to download tarball. In OTA-914, oc-mirror should download and use the graph-data tarball to build the graph-data container.

signatures directory structure is shown below:
$ tree signatures signatures └── sha256 ├── 5e8f403a14eed840b01434115300f2e68cd1232aa47f9509433a46341da2f2b8 │   └── signature-1 ├── 750fe7239f8633662899a68a1204f57b7ea92189ea8024ed18d9948d1fed00b6 │   └── signature-1 └── bdc145f7f6347433f8461a1133d6354abf52268925ce7459a4294d44b9beb4ef └── signature-1 4 directories, 3 files

In a disconnected cluster, Cincinnati needs to consume signatures from graph-data container images, for Cincinnati running under the OpenShift Update Service to serve the GET API to local cluster-version operators.

Definition of done:

• Add code to oc-mirror to include signatures in the graph data image (for the releases being mirrored by oc-mirror).