Proposal to move global and command flags to go-witness

[matglas]

Problem

Witness relies as a dependency on go-witness. Some of the commands/attestors that are run are dependent on flags that are set thru global flag on the CLI. This separation makes it hard to introduce new flag or alter existing flags because witness first needs to update its dependency to the latest release of go-witness before it can merge new flags into the repo.

This happens because global flags call on options like WithX on different attestors etc.

Proposal

I believe it would be very helpful to move the registration of global or command flags to the go-witness library. This could be in a internal/cli package that allows us to make clear separation between library and facilitation of the 'companion' cli.

[matglas]

With a bit of work on the registry (https://github.com/in-toto/go-witness/tree/main/registry) its possible to add global options too probably. And add them to the context that is passed around.

[mikhailswift]

One of the primary reasons Witness and go-witness were broken into separate go modules was to keep go-witness's dependencies slim. For instance, a developer using go-witness as a library shouldn't need to have spf13/cobra or logrus as transitive dependencies if they weren't using those CLI/logging libraries. This is the same reason why go-witness uses a logging interface for developers to provide their own logging implementation.

I'm not opposed to reorganizing things to make the development of witness and go-witness simpler when it comes to this, but I do think those goals are important. I'm unclear on how moving global options to go-witness solves the problem of having to update go-witness in Witness when options change/get added, but I could be missing something.