
Add a new certstore for HashiCorp Vault

Open FeynmanZhou opened this issue 2 years ago • 0 comments

What would you like to be added?

HashiCorp Vault KMS plugin will be available to use with Notation so that users can sign OCI artifacts using the signing key stored in HashiCorp Vault.

In the verification process, Ratify certificate store only supports reading the certificate from the in-line certstore or Azure Key Vault certstore. If the HashiCorp Vault certstore could be added to Ratify, it would be helpful for the on-premises e2e scenario and extend the Ratify ecosystem.

Per discussion with @binbin-li, it requires additional development in Ratify to support the HashiCorp Vault certstore. Then users will be able to configure the certstore in the verification process.

Anything else you would like to add?

A follow-up suggestion would be to provide a pluggable design when adding and managing external plugins. Shall we design a flexible interface so that others can contribute and develop plugins for Ratify without modifying Ratify core source code? Taking the example in this issue: Ratify will be able to verify artifacts using the certificate stored in HashiCorp Vault, and users only need to add a new certstore_hashicorp_vault.yaml for this scenario.

Are you willing to submit PRs to contribute to this feature?

  • [ ] Yes, I am willing to implement it.

FeynmanZhou, May 17 '23 23:05