Validate spec_version during initialization

According to point 2 in the semver specification:
"A normal version number MUST take the form X.Y.Z where X, Y, and Z are
non-negative integers...". See: https://semver.org/#spec-item-2
Also, even though version strings like "2.0.0-rc.2" or "1.0.0-beta" are
valid strings in semantic versioning format, in TUF we never needed
to add letters for our specification number.
That's why I validate that: spec_version is a . separated string
and when split it has a length of 3 and that each of the
three elements is a number.

The modules under the tuf/api folder in TUF are an alternative TUF
implementation. That's why they should use their own constant for
SPECIFICATION_VERSION in tuf/metadata/api.

This time, I used a list for the SPECIFICATION_VERSION constant in order
to retrieve major and minor versions easier.

I use the SPECIFICATION_VERSION to check that the given spec_version is
supported against the tuf code spec version.

Signed-off-by: Martin Vrachev <[email protected]>

tuf/api/metadata.py

@@ -37,6 +37,10 @@
 # and currently, we are above 1000 lines by a small margin.
 # pylint: disable=C0302
 
+# We aim to support SPECIFICATION_VERSION and require the input metadata
+# files to have the same major version (the first number) as ours.
+SPECIFICATION_VERSION = ["1", "0", "19"]
+
 
 class Metadata:
     """A container for signed TUF metadata.
@@ -290,6 +294,16 @@ def __init__(
         expires: datetime,
         unrecognized_fields: Optional[Mapping[str, Any]] = None,
     ) -> None:
+        spec_list = spec_version.split(".")
+        if (
+            len(spec_list) != 3
+            or not all(el.isdigit() for el in spec_list)
+            or spec_list[0] != SPECIFICATION_VERSION[0]
+        ):
+            raise ValueError(
+                f"Unsupported spec_version, got {spec_list}, "
+                f"supported {'.'.join(SPECIFICATION_VERSION)}"
+            )
         self.spec_version = spec_version
         self.expires = expires