Description
The migration from v2 to v3 signatures is a bit rough for users verifying signatures with v2 clients. While v3 clients seem to either automatically fall back or ignore the --new-bundle-format flag, v2 clients need to know this setting in advance. That means projects signing content should hold off on a v3 upgrade, or at least force the old sha256-$digest.sig tags, while waiting for all clients to upgrade. Otherwise they would need to coordinate the CLI update of every client verifying the signature at the same time the signing workflow is upgraded.
It would be helpful for v2 tooling to automatically fall back and not need the --new-bundle-format flag the way v3 does.
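Until v2 clients fall back on their own, a verifier-side wrapper can try both formats. This is an added example, not code from the cosign project: the function name `verify_either_format` and the `COSIGN` override variable are hypothetical, and it assumes the installed v2 client accepts `--new-bundle-format=true|false` on `cosign verify` as described above.

```shell
#!/bin/sh
# Added example (not cosign project code): verify an image with a v2 client
# without knowing in advance whether the signer has moved to the new bundle
# format or still publishes the legacy sha256-$digest.sig tag.

# Assumed hook: COSIGN names the client to run (defaults to cosign on PATH).
COSIGN="${COSIGN:-cosign}"

# verify_either_format IMAGE [cosign verify flags...]
# Tries the new bundle format first, then the legacy signature tag layout.
# The same identity/key flags are passed to both attempts, so falling back
# changes only where the signature is looked up, not the policy it must meet.
# Prints which format verified; returns 1 if neither does, 2 on bad usage.
verify_either_format() {
    image="$1"
    if [ -z "$image" ]; then
        echo "usage: verify_either_format IMAGE [cosign verify flags...]" >&2
        return 2
    fi
    shift
    for new_format in true false; do
        # Output of each attempt is discarded; only the exit status is used.
        if "$COSIGN" verify "--new-bundle-format=$new_format" "$@" "$image" \
            >/dev/null 2>&1; then
            if [ "$new_format" = true ]; then
                echo "new-bundle"
            else
                echo "legacy-sig-tag"
            fi
            return 0
        fi
    done
    echo "no valid signature in either format for $image" >&2
    return 1
}
```

Pass the image by digest and keep the identity or key flags explicit, so that both attempts check the same artifact against the same signer.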