Support ignoring x509 certificates when signing with a key via PKCS11 #3333

@dylrich

If you're using Cosign's PKCS11 module and a key is loaded with a certificate attached to it, that certificate is always added to the signature. Cosign should support optionally disabling this to match the behavior available to keys not sourced via PKCS11. I have a pull request with a sample implementation of this and am happy to make any changes needed.

Labels: enhancement (New feature or request)
