[WIP]: Air gap support

[vaikas]

Summary

Use newer version of theupdateframework/go-tuf, sigstore/sigstore https://github.com/theupdateframework/go-tuf/pull/397 https://github.com/sigstore/sigstore/pull/715

I'll add an e2e test once I can get the e2e test here (that I'll use this version of cosign then from) to test this new behaviour. But you can see it works here: https://github.com/sigstore/scaffolding/pull/382/files#diff-6fc761a0f69ff1560f6fb38a4bc8c509cb4d9c68df250223f765ca6564521119R208

And a passing run (one of them) here: https://github.com/sigstore/scaffolding/actions/runs/3139401394/jobs/5099778594

Release Note

• Add support for air gap scenarios by being able to initialize TUF root where remote is local filesystem.

Documentation

[codecov-commenter]

Codecov Report

Merging #2299 (0528e19) into main (35595e8) will not change coverage. The diff coverage is 0.00%.

@@           Coverage Diff           @@
##             main    #2299   +/-   ##
=======================================
  Coverage   30.48%   30.48%           
=======================================
  Files         136      136           
  Lines        8384     8384           
=======================================
  Hits         2556     2556           
  Misses       5494     5494           
  Partials      334      334           

Impacted Files	Coverage Δ
cmd/cosign/cli/options/initialize.go	0.00% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[dlorenc]

Is this ready for review?

[vaikas]

I want to add the e2e tests for it.

[vaikas]

ho hum, I see we need to add the required tests because I added a new matrix segment for this to be considered passing.

[vaikas]

thanks @znewman01 ! Yeah, all the "real" work was in upstreams :) Here's just tests.