repository: redesign needed after recent verify_delegate changes

[jku]

The Repository interface looks like it does largely because of needs from A) verify_delegate and B) sign: Both needed to be called on a Metadata object and former event took a Metadata object as argument. This meant Repository.open() needed to return a Metadata even though most users could just use helpers like root() or edit_root()

The recent Metadata refactor means verify_delegate is now in Root/Targets, and takes a bytes and signatures as argument. So Repository.open() is now even more awkward than it used to be.

The remaining uses for Metadata are de/serialization, and accessing sign(), signatures and signed_bytes -- possibly these could be handled within Repository.open() /close() so that open() did not return a Metadata object and close did not require one as argument.