Commit

Fix broken sigstore links
Signed-off-by: itowlson <[email protected]>
itowlson committed Sep 15, 2024
1 parent 4d1816b commit 4b3bc21
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion content/spin/v1/install.md
Expand Up @@ -166,7 +166,7 @@ If you want to use WSL2 (Windows Subsystem for Linux 2), please follow the instr

The Spin project [signs releases](https://github.com/fermyon/spin/blob/main/docs/content/sips/012-signing-spin-releases.md) using [Sigstore](https://docs.sigstore.dev/), a project that helps with signing software and _stores signatures in a tamper-resistant public log_. Consumers of Spin releases can validate the integrity of the package they downloaded by performing a validation of the artifact against the signature present in the public log. Specifically, users get two main guarantees by verifying the signature: 1) that the author of the artifact is indeed the one expected (i.e. the build infrastructure associated with the Spin project, at a given revision that can be inspected), and 2) that the content generated by the build infrastructure has not been tampered with.

To verify the release signature, first [configure Cosign v2.0.0+](https://docs.sigstore.dev/system_config/installation/). This is the CLI tool that we will use validate the signature.
To verify the release signature, first [configure Cosign v2.0.0+](https://docs.sigstore.dev/cosign/system_config/installation/). This is the CLI tool that we will use validate the signature.
The same directory where the installation script was run should also contain a signature of the Spin binary and the certificate used to perform the signature. The following command will perform the signature verification using the `cosign` CLI:

<!-- @selectiveCpy -->
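Review bot: The rewritten line in content/spin/v1/install.md still reads "This is the CLI tool that we will use validate the signature"; since the line is being touched anyway, change it to "use to validate the signature". The paragraph that follows depends on the reader having installed Cosign from this link, so it is worth stating in the commit message that the new `/cosign/system_config/installation/` path was checked against the live Sigstore docs.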
2 changes: 1 addition & 1 deletion content/spin/v2/install.md
Expand Up @@ -165,7 +165,7 @@ If you want to use WSL2 (Windows Subsystem for Linux 2), please follow the instr

The Spin project [signs releases](https://github.com/fermyon/spin/blob/main/docs/content/sips/012-signing-spin-releases.md) using [Sigstore](https://docs.sigstore.dev/), a project that helps with signing software and _stores signatures in a tamper-resistant public log_. Consumers of Spin releases can validate the integrity of the package they downloaded by performing a validation of the artifact against the signature present in the public log. Specifically, users get two main guarantees by verifying the signature: 1) that the author of the artifact is indeed the one expected (i.e. the build infrastructure associated with the Spin project, at a given revision that can be inspected), and 2) that the content generated by the build infrastructure has not been tampered with.

To verify the release signature, first [configure Cosign v2.0.0+](https://docs.sigstore.dev/system_config/installation/). This is the CLI tool that we will use validate the signature.
To verify the release signature, first [configure Cosign v2.0.0+](https://docs.sigstore.dev/cosign/system_config/installation/). This is the CLI tool that we will use validate the signature.
The same directory where the installation script was run should also contain a signature of the Spin binary and the certificate used to perform the signature. The following command will perform the signature verification using the `cosign` CLI:

<!-- @selectiveCpy -->
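Review bot: The replacement in content/spin/v2/install.md is again a deep path under docs.sigstore.dev, the same kind of URL that just moved, and the identical paragraph is maintained by hand in both the v1 and v2 pages. Consider adding a link check over the install pages so a future move is caught before readers lose the install instructions for the tool the signature verification step relies on. The context line's link to `blob/main/docs/content/sips/012-signing-spin-releases.md` tracks a branch and can break the same way; a commit permalink would be steadier.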
