Update cosign usage note

.goreleaser.yml

@@ -156,9 +156,11 @@ release:
     Below is an example using `cosign` to verify a release artifact:
 
     ```
-    COSIGN_EXPERIMENTAL=1 cosign verify-blob \
+    cosign verify-blob \
       --certificate ~/Downloads/step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig.pem \
       --signature ~/Downloads/step-ca_darwin_{{ .Version }}_amd64.tar.gz.sig \
+      --certificate-identity-regexp "https://github\.com/smallstep/certificates/.*" \
+      --certificate-oidc-issuer https://token.actions.githubusercontent.com \
       ~/Downloads/step-ca_darwin_{{ .Version }}_amd64.tar.gz
     ```