QuoteAttestation: Remove support for multiple signers in the API

[avalluri]

Currently, the QuoteAttestation CRD API supports multiple CA provisioning via spec.singerNames and status.secrets. The original idea behind this was to minimize the QA objects and thus reduce quote verification requests for multiple CAs. But, in fact, this is not needed (and thus not used in the code) for the below reasons, and also complicates the handling of QA objects:

• the quote attestation is initiated (and linked to) by a single issuer(TCSIssuer/TCSClusterIssuer). So, it makes more sense to keep the 1:1 relation between issuer to QA.
• complicates the status handling in case of failures, for ex., in case of failure of key wrapping for one of the signers, but
• no clear ownership of the QA object by any issuer.

So, I would propose to make the QuoteAttestation CRD support providing of a single CA. The changes include:

• QutoeAttestation CRD changes:

  QuoteAttestationSpec {
  ...
   SignerNames string 
   ...
  }
  type QuoteAttestationStatus struct {
  Conditions []QuoteAttestationCondition `json:"conditions,omitempty"`
  Secrets map[string]QuoteAttestationSecret `json:"secrets,omitempty"`
  }

  to

  QuoteAttestationSpec {
   SignerName string
   SecretName string //  name of the secret, to keep the wrapped key and certificate
   ...
  }
  type QuoteAttestationStatus struct {
  Conditions []QuoteAttestationCondition `json:"conditions,omitempty"`
  }

• Move the QuoteAttestation object creation from sgx.go to issuer_controller.go.
• Remove the QuoteAttestation reconciler code, Instead, the issuer reconciler fetches its QA object and checks if the attention is ready.