git-repo: decide on support for multiple keys #51

Closed
jku opened this issue Mar 6, 2023 · 2 comments

jku commented Mar 6, 2023

I'm adding support on securesystemslib for identifying the HW keys: secure-systems-lab/securesystemslib#526

I want to start using that in some sense

  • I think limiting it to one HW key per repository per user is fine
  • Signer can recognise the correct HW key
  • the signer can store the key details (URI) in .playground-sign.ini

There is an edge case: if you are a signer but have lost your local repository, you've then also lost your URI... So there should be a way to (practically automatically) import a key as the signing key without explicitly adding new signing keys to metadata


jku commented Mar 7, 2023

See branch store-keys-in-ini. With configuration like this

[signing-keys]
da63eeba4841366b8968e2842cd5768933101593c0a59267a156ad6faf7af635 = hsm:2?label=YubiKey+PIV+%2315835999
  • generated automatically when keys are created
  • at signing time the Signer is created with this URI
  • not limited to single key per user per repo
  • the "lost config" case is still unsolved but should not be too difficult:
    • if uri is not found, run HSMSigner.import_(), check that public key is correct and store URI in configuration
    • in fact the initial signing key storage could happen this way as well... no need to necessarily store the URI when the public key is imported

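The lookup-and-recover flow sketched above (config hit returns the stored URI; on a miss, import from the HSM, verify the public key against the expected keyid, then store the URI), as an added example that is not code from the playground or securesystemslib. `import_fn`, `keyid_of` and the sample ini text are assumptions: the real import call and keyid derivation are the library's, and are stood in for here by a caller-supplied function and a plain sha256 over the public key text.

```python
import configparser
import hashlib
import io
from typing import Callable, Tuple

# Constructed sample of the [signing-keys] section quoted in the comment.
SAMPLE_INI = """[signing-keys]
da63eeba4841366b8968e2842cd5768933101593c0a59267a156ad6faf7af635 = hsm:2?label=YubiKey+PIV+%2315835999
"""


def load_config(text: str) -> configparser.ConfigParser:
    # interpolation=None is required: the URI contains "%23" (URL-encoded "#"),
    # which configparser's default BasicInterpolation rejects as a bad "%" escape.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if not cfg.has_section("signing-keys"):
        cfg.add_section("signing-keys")
    return cfg


def dump_config(cfg: configparser.ConfigParser) -> str:
    buf = io.StringIO()
    cfg.write(buf)
    return buf.getvalue()


def keyid_of(public_key: str) -> str:
    # Assumption / simplification: stands in for the library's keyid derivation.
    return hashlib.sha256(public_key.encode()).hexdigest()


def resolve_signing_uri(
    cfg: configparser.ConfigParser,
    keyid: str,
    import_fn: Callable[[], Tuple[str, str]],
) -> str:
    """Return the signer URI for keyid, importing from the HSM on a config miss."""
    section = cfg["signing-keys"]
    if keyid in section:
        return section[keyid]
    # "Lost config" path: import_fn (hypothetical) returns (uri, public_key) for the
    # key found on the hardware token. Only trust and store the URI if that key's
    # public half is the one the metadata expects.
    uri, public_key = import_fn()
    found = keyid_of(public_key)
    if found != keyid:
        raise ValueError(f"imported key {found} does not match expected {keyid}")
    section[keyid] = uri
    return uri
```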

jku commented Aug 8, 2023

Moved to tuf-on-ci

jku closed this as completed Aug 8, 2023