How can I get past a “Repository is not signed…” message when attempting to upgrade Kali Linux from a mounted disk image?

According to the Debian man page for apt-get, you can use the --allow-unauthenticated option like this:

apt-get update --allow-unauthenticated

As the man page entry for --allow-unauthenticated explains:

Ignore if packages can't be authenticated and don't prompt about it. This can be useful while working with local repositories, but is a huge security risk if data authenticity isn't ensured in another way by the user itself. The usage of the Trusted option for sources.list(5) entries should usually be preferred over this global override. Configuration Item: APT::Get::AllowUnauthenticated.

And if that doesn’t work, try run-in it with --allow-insecure-repositories like this:

apt-get update --allow-insecure-repositories

You should tell apt it's a trusted source:

deb [trusted=yes] file:/media/cdrom0 kali-rolling main contrib non-free