
Ability to sign and verify .talismanrc

Open svishwanath-tw opened this issue 5 years ago • 0 comments

When .talismanrc is checked in, the changes to it can be tracked via git. But that does not prevent accidental (or malicious) misconfiguration. A PKI-based signing mechanism can be used to validate that .talismanrc is/was vetted by a known/competent actor.

Describe the solution you'd like

  1. Allow signing of .talismanrc using a private key
  2. When talisman detects a signature in a .talismanrc, it should try to verify it using a public key file (which could either be specified on the command line or in .talismanrc itself).
  3. If signature verification fails, a warning/error can be displayed to the user.
  4. Stretch: Talisman should be able to work with various forms of public/private key pairs (e.g. id_rsa.pub and id_rsa used for ssh, a .pfx file including both keys, .pem)

svishwanath-tw, Jun 11 '20 13:06
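A sketch of the sign-then-verify flow requested above, added here as an illustration and not taken from Talisman's code base. It assumes a hypothetical trailing `# talisman-signature:` line, Ed25519 keys, and a public key supplied from outside the file; a missing signature is reported as its own error so a caller can refuse unsigned files instead of skipping verification when the line has been removed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
)

// sigPrefix is a hypothetical marker for an embedded signature line; Talisman defines no such format.
const sigPrefix = "# talisman-signature: "

var (
	ErrUnsigned = errors.New("no signature line found")
	ErrBadSig   = errors.New("signature does not match content")
)

// Sign appends a signature line covering every byte of body (body must end with a newline).
func Sign(body []byte, priv ed25519.PrivateKey) []byte {
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, body))
	return append(append([]byte{}, body...), []byte(sigPrefix+sig+"\n")...)
}

// Verify splits off the final signature line and checks it against the bytes
// before it. pub is the trust anchor and is never read from the file itself.
func Verify(file []byte, pub ed25519.PublicKey) error {
	i := bytes.LastIndex(file, []byte(sigPrefix))
	if i < 0 || (i > 0 && file[i-1] != '\n') {
		return ErrUnsigned
	}
	line := bytes.TrimSpace(file[i+len(sigPrefix):])
	sig, err := base64.StdEncoding.DecodeString(string(line))
	if err != nil || !ed25519.Verify(pub, file[:i], sig) {
		return ErrBadSig
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key; nil selects crypto/rand
	// Constructed sample .talismanrc content.
	rc := []byte("fileignoreconfig:\n- filename: testdata/key.pem\n  checksum: abc123\n")
	signed := Sign(rc, priv)
	fmt.Println("vetted file:      ", Verify(signed, pub))
	edited := bytes.Replace(signed, []byte("abc123"), []byte("def456"), 1)
	fmt.Println("edited after sign:", Verify(edited, pub))
	fmt.Println("signature removed:", Verify(rc, pub))
}
```

Anything appended after the signature line also fails verification, because the trailing bytes are parsed as part of the signature.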