Document end-to-end on-boarding workflows (including USB stick usage)
I think we should write up the end-to-end workflows which are relevant. One is onboarding using a product key plus serial, with a need to gather software serial numbers. That one has a weak security binding, but I think there is a discussion to be had whether we can use the TPM at install time and get a stronger binding.
The other use case is more about gathering inventory than install time options.
So walking through the use cases makes sense to me and then gathering feedback.
In any case, we should make the information we gather consistent.
We have the two current API-compatible workflows in api/API.md. I agree wholeheartedly we need to document:
- any potential future workflows that may be accepted into the API. We had discussed CSR-based and a trusted signing cert so you don't need to do onboarding.
- the end-to-end of how the current workflows work
We should be careful to distinguish between what is within scope of the API itself, and therefore EVE and all Controllers must implement, and what are additional features, implemented only by the Controller.