Feature|Experimental: Add support to add Policies to TUF

[kairoaraujo]

Requires

• Feature: Add support in Archivista to store Policies #158

This issue aims to include the policies in the TUF repository.

The initial idea is to deploy a Repository Service for TUF (RSTUF) along with Archivista and have the option to use RSTUF with Archivista.

Users will be able to use the TUF to distribute the policy securely.

When a policy is added to Archivista (#158), it is stored in the Metadata Storage (BLOB) and SQL.
A new step will also be sent to RSTUF. RSTUF will include and sign the registered metadata storage artifact in the TUF metadata.

The TUF repository will have offline keys to protect the TUF Metadata and allow users to have a clear incident response in case:

• The Metadata Storage is compromised
• The signing key is compromised
• Rotate any Root key (Revocation)

When a user wants to validate the attestation against a policy, it can do it using the trusted signed root from TUF.

The idea as an experimental/prototype is to have this feature in a separate branch/release so we can evaluate all features and requirements.

This feature will require

• Task: Implement the tufstorage in internal #236
• Task: Include TUF configuration for Archivista #237
• Task: Include documentation about setup RSTUF #238