php-tuf / composer-integration

PHP-TUF Composer Plugin.

TUF target names need to be derived more intelligently #88

Closed phenaproxima closed 12 months ago

phenaproxima commented 1 year ago

This plugin has a bug which prevents it from working with the packages.drupal.org repository (or its staging server). The problem is that, when downloading Composer metadata, the TUF target names need to be derived from the metadata URLs. The URLs are, sadly, not consistent on packages.drupal.org -- packages.json exists at https://packages.drupal.org/8/packages.json, but the actual package-specific metadata lives at https://packages.drupal.org/files/8/p2/drupal/PACKAGE_NAME.json, which doesn't actually include the URL of the repo itself (https://packages.drupal.org/8). So the current method is insufficient, and it derives the wrong target name, which causes TUF to not be able to find it, which breaks things.

I think we need to take a two-pronged approach here. If the URL of the downloaded metadata starts with the URL of the Composer repository, we can safely use our old way (strip off the URL of the repository, and the resulting string is the target name). Otherwise, we have to assume that the path component of the URL (/files/8/p2/drupal/PACKAGE_NAME.json) is the name of the target.
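The two-pronged derivation described above, written out as an added example (this is not the plugin's own code; `deriveTufTargetName` is a hypothetical helper). It assumes TUF target names are relative paths, so the leading slash is dropped from the fallback path, and it adds a same-host check before using the fallback, which the issue does not mention.

```php
<?php
declare(strict_types=1);

/**
 * Derive the TUF target name for a piece of Composer metadata.
 *
 * @param string $repoUrl     The configured Composer repository URL,
 *                            e.g. https://packages.drupal.org/8
 * @param string $metadataUrl The URL the metadata was actually downloaded from.
 */
function deriveTufTargetName(string $repoUrl, string $metadataUrl): string
{
    // Normalise so that "https://host/8" and "https://host/8/" behave the same.
    $repoPrefix = rtrim($repoUrl, '/') . '/';

    // Case 1 (the original approach): the metadata lives under the repository
    // URL, so stripping that prefix leaves the target name ("packages.json").
    if (strpos($metadataUrl, $repoPrefix) === 0) {
        return substr($metadataUrl, strlen($repoPrefix));
    }

    // Case 2: the metadata URL does not contain the repository URL at all
    // (packages.drupal.org's /files/8/p2/... layout). Fall back to the URL's
    // path component. Added assumption: only accept the fallback when the
    // metadata is served from the same host as the repository.
    $repoHost = parse_url($repoUrl, PHP_URL_HOST);
    $metaHost = parse_url($metadataUrl, PHP_URL_HOST);
    if (!is_string($repoHost) || $repoHost !== $metaHost) {
        throw new \InvalidArgumentException(
            "Refusing to derive a target name: $metadataUrl is not on $repoHost"
        );
    }

    $path = parse_url($metadataUrl, PHP_URL_PATH);
    if (!is_string($path) || trim($path, '/') === '') {
        throw new \InvalidArgumentException("No usable path in $metadataUrl");
    }
    // Assumption: TUF target names are relative, so drop the leading slash.
    return ltrim($path, '/');
}

// Walkthrough with the two URL shapes from this issue.
$repo = 'https://packages.drupal.org/8';
echo deriveTufTargetName($repo, 'https://packages.drupal.org/8/packages.json'), "\n";
echo deriveTufTargetName($repo, 'https://packages.drupal.org/files/8/p2/drupal/PACKAGE_NAME.json'), "\n";
```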