Tracking: Security, Trust models, Improving the status quo

[kinnison]

In order to properly improve rustup's security and trust model, we need to tackle a number of issues. When these are all dealt with, then we'll be in a better position to protect our users and thus we can consider enabling some kind of mirror or alternative-dist-server-by-default mechanisms.

• [ ] Simple signature verification with embedded static key available on all rustup targets (#2028)
• [ ] Design and implement a better trust model than the above (#2029)
• [ ] Signed Windows binaries (#1568)