notaryproject / notation-hashicorp-vault

HashiCorp Vault provider for Notation
https://notaryproject.dev/
Apache License 2.0
7 stars, 8 forks

doc: added quick start tutorial in Readme #7

Closed. Two-Hearts closed this pull request 1 year ago.

FeynmanZhou commented 1 year ago

> This looks fairly good, some commentary inline :-)
>
> I want to write a Vault ACL policy for Notary so production users can see the required permissions, but I wouldn't hold that up on this.

Hi @cipherboy, thanks for your review. Could you share a little bit more about the Vault ACL policy for Notation? Are you going to do it in a follow-up PR?

cipherboy commented 1 year ago

> Hi @cipherboy, thanks for your review. Could you share a little bit more about the Vault ACL policy for Notation? Are you going to do it in a follow-up PR?

Yeah, I can do a follow-up PR for that, but do remind me if I don't get to it.

It'd look like this: https://developer.hashicorp.com/vault/tutorials/policies/policy-templating?in=vault%2Fpolicies

I think the Notary signing token just needs read access on K/V and write capability on the Transit sign endpoint, but I want to verify you don't need verification... The token for establishing the key material can be different and more permissively scoped, but I'm hoping to keep the Notary signing token more closely scoped.
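
The permission split cipherboy sketches above, written out as an added example. This is not the project's own policy file and not the follow-up PR he mentions; it is one way to express "read on K/V, write on the Transit sign endpoint" in Vault's HCL policy language. The mount paths `transit/` and `secret/`, the key name `notation-key`, the use of KV v2 (hence the `data/` segment), and the assumption that the plugin only calls the Transit sign endpoint plus one KV read are all assumptions made for the example.

```hcl
# Added example, not the notation-hashicorp-vault project's own file.
# Two policies, meant to be saved as two separate files and bound to
# two separate tokens, following the split described above.
# Assumptions: Transit mounted at "transit/", KV v2 at "secret/",
# and the Notation signing key named "notation-key".

# ---------- notation-signer.hcl ----------
# The token Notation runs with. Transit sign is a POST, so it needs
# "update"; the certificate chain in KV v2 only needs "read".
# Vault denies anything not listed, so transit/verify/*, transit/keys/*
# and any KV write are unavailable to this token.
path "transit/sign/notation-key" {
  capabilities = ["update"]
}

# Transit also accepts the hash algorithm as a trailing path segment
# (transit/sign/<name>/<algorithm>), so grant that form as well.
path "transit/sign/notation-key/*" {
  capabilities = ["update"]
}

path "secret/data/notation-key" {
  capabilities = ["read"]
}

# ---------- notation-key-admin.hcl ----------
# The more permissive token used once to establish the key material:
# create the Transit key and store the certificate chain. Not for CI.
path "transit/keys/notation-key" {
  capabilities = ["create", "update", "read"]
}

path "secret/data/notation-key" {
  capabilities = ["create", "update", "read"]
}
```

Load each file with `vault policy write notation-signer notation-signer.hcl` (and likewise for the admin policy), then mint a short-lived signing token with `vault token create -policy=notation-signer -ttl=1h`. To confirm the signer really is scoped down, `vault token capabilities <token> transit/verify/notation-key` should report `deny`. If the plugin turns out to also read key metadata (for example `transit/keys/notation-key` to learn the key type), add `read` on that path to the signer policy; the example does not assume it.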

Two-Hearts commented 1 year ago

@cipherboy I'm going to merge this PR now as it has two approvals. Could you create a follow-up PR for your above proposals? Thanks!