There are some issues with C2SP checkpoints as documented in https://github.com/sigstore/sigstore-conformance/pull/241

* at least we should not expect all signatures to be from the log key
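An added sketch (not code from sigstore-conformance or any sigstore client) of a checkpoint check that accepts a note once one signature line verifies under the log key and skips lines from other signers instead of failing on them. It assumes the C2SP signed-note layout with Ed25519 keys; the origin `log.example/test`, the `witness.example/w1` signer, the all-zero root hash and both seeded keys are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// keyID is the signed-note key hash: SHA-256(name || "\n" || 0x01 || pubkey)[:4], 0x01 = Ed25519.
func keyID(name string, pub ed25519.PublicKey) []byte {
	h := sha256.Sum256(append([]byte(name+"\n\x01"), pub...))
	return h[:4]
}

// sigLine signs the note text and formats one signature line (used to build the sample).
func sigLine(name string, priv ed25519.PrivateKey, text string) string {
	blob := append(keyID(name, priv.Public().(ed25519.PublicKey)), ed25519.Sign(priv, []byte(text))...)
	return "\u2014 " + name + " " + base64.StdEncoding.EncodeToString(blob) + "\n"
}

// verifyLog returns nil once any signature line verifies under the log key.
func verifyLog(note, name string, pub ed25519.PublicKey) error {
	text, sigs, _ := strings.Cut(note, "\n\n")
	for _, line := range strings.Split(strings.TrimSuffix(sigs, "\n"), "\n") {
		f := strings.Split(line, " ")
		if len(f) != 3 || f[0] != "\u2014" || f[1] != name {
			continue // not a line for the log key (e.g. a witness): skip, do not fail
		}
		blob, err := base64.StdEncoding.DecodeString(f[2])
		if err == nil && len(blob) > 4 && bytes.Equal(blob[:4], keyID(name, pub)) && ed25519.Verify(pub, []byte(text+"\n"), blob[4:]) {
			return nil
		}
	}
	return fmt.Errorf("no valid signature from log key %q", name)
}

// sample builds a constructed checkpoint signed first by another key, then by the log key.
func sample() (string, string, ed25519.PublicKey) {
	logKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32))
	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32))
	text := "log.example/test\n42\n" + base64.StdEncoding.EncodeToString(make([]byte, 32)) + "\n"
	note := text + "\n" + sigLine("witness.example/w1", other, text) + sigLine("log.example/test", logKey, text)
	return note, "log.example/test", logKey.Public().(ed25519.PublicKey)
}

func main() { fmt.Println(verifyLog(sample())) }
```

A strict parser would reject malformed signature lines outright; this sketch only skips them to keep the focus on signer selection.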