tuf-on-ci migration preparation

[jku]

In preparation for #929, we should do all preparing steps that are not limited by the online signing schedule and that will not affect the current day-to-day operation of this repository.

I'll document the steps in more detail and will make one or more PRs, but the rough sketch is:

• Update targets/ so its content match the expected repository artifacts
• Add scripts/data needed for the migration
• Add the new workflows (in a disabled state at this point)
• Add a playbook for the migration
• Add new playbook(s) for signers
• Modify project configuration (this is done via sigstore/community)

[jku]

https://github.com/jku/root-signing/pull/1 contains the workflow enabling/disabling commits that we should include in the initial signing event branch (to disable legacy workflows and enable tuf-on-ci ones)

[jku]

Collecting items that must be done before initial tuf-on-ci signing event

• [ ] Decide/ communicate signing event date (currently looking at week 35-36, we'll make a proposal in next days)
• [ ] decide/communicate sigstore-rs situation (#1251): @kommendorkapten assigned
• [ ] Release tuf-on-ci with needed features
  • [ ] Finish support for external delegations (https://github.com/theupdateframework/tuf-on-ci/pull/384): @kommendorkapten assigned
  • [ ] Possibly include a solution to scheduling issue WRT legacy online signing during the signing event: @jku assigned (https://github.com/theupdateframework/tuf-on-ci/pull/395): this would remove the very tight deadline from the signing event
• [ ] Initial review of workflow changes for signing event #1313
• [ ] #1261
• [ ] terraform changes
  • [ ] #1314
  • [x] https://github.com/sigstore/community/pull/451

[jku]

FYI @haydentherapper

[jku]

marking this closed: the actual migration is in #1320