Updated verification loading logic.

[kommendorkapten]

Before if a trust domain was used, pgi and dotcom was not loaded. This commit makes it possible to mix and match as the operator wants to, so dotcom and a custom trust domain can be used together.

[Copilot]

Pull request overview

This PR updates verifier loading so operators can configure multiple trust domains alongside the default GitHub (“dotcom”) verifier (and PGI), by switching the multi-verifier selection from issuer-based routing to “try all verifiers until one succeeds”.

Changes:

• Refactors verifier.Multi to hold a slice of verifiers and iteratively verify bundles against each verifier.
• Updates CLI wiring to build Multi via slice appends (instead of issuer→verifier maps).
• Extends aaop to accept comma-separated trust domains and load multiple GitHub verifiers accordingly.

Show a summary per file

File	Description
pkg/verifier/multi.go	Changes Multi to a slice-backed verifier set and verifies by trying each verifier until one succeeds.
pkg/verifier/multi_test.go	Updates tests to construct Multi using the new slice-based API.
cmd/cver/cver.go	Updates CLI setup to append verifiers into Multi rather than populating a map.
cmd/aaop/aaop.go	Adds support for comma-separated trust domains and loads multiple verifiers (custom and/or GitHub) accordingly.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 4/4 changed files
• Comments generated: 6