Docker Content Trust allows for validating specific tags for a Docker image. Typically this can be enabled via the environment variable DOCKER_CONTENT_TRUST=1, but this environment variable would not apply to the initial Docker Executor spin-up. Because of this, the current workaround would be to make use of the Machine Executor.
Provide a flag or other configuration to enable Docker Content Trust on Docker Executor images.