ratify-project / ratify

Artifact Ratification Framework
https://ratify.dev
Apache License 2.0

feat: certificate revocation #739

Open yizha1 opened 1 year ago

yizha1 commented 1 year ago

What would you like to be added?

Certificate revocation is a process in which a certificate is deemed invalid before the end of its lifecycle. Here are some reasons:

Ratify should support certificate revocation to distinguish invalid and untrusted certificates from valid trusted ones.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

binbin-li commented 1 year ago

@yizha1 as we discussed offline, this issue is probably just for tracking the Notation cert revocation support. Could you update the issue and create new issues if we want to add revocation to Ratify as well?

yizha1 commented 1 year ago

@binbin-li Sorry for not responding to this issue in time. The cert revocation feature is supported by Notation as the verifier. I want to make sure that Ratify can log the correct reason that the signature verification failure is due to certificate revocation, so that users can take proper actions based on it.
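To illustrate the logging point raised in this thread, here is an added Go example (not Ratify's or Notation's code) that checks a signing certificate against a CRL and surfaces revocation as a distinct, typed error, so the caller can log "certificate revoked" rather than a generic verification failure. All names (`CheckCRL`, `RevokedError`, `FailureReason`, `BuildFixtures`), the reason labels, and the in-memory CA, leaf certificates and CRL are constructed for this example; it assumes Go 1.21 or later for `x509.RevocationListEntry`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// RevokedError is returned when the signer's certificate is on the CRL; callers detect it with errors.As.
type RevokedError struct {
	Serial    *big.Int
	RevokedAt time.Time
	Reason    int // RFC 5280 CRLReason code (1 = keyCompromise); 0 = unspecified
}

func (e *RevokedError) Error() string {
	return fmt.Sprintf("certificate serial %s revoked at %s (reason code %d)", e.Serial, e.RevokedAt.UTC().Format(time.RFC3339), e.Reason)
}

// CheckCRL verifies a DER CRL against its issuer and reports whether leaf is listed. Problems with the
// CRL itself come back as plain errors: an unverifiable or stale CRL is inconclusive, never proof of validity.
func CheckCRL(crlDER []byte, issuer, leaf *x509.Certificate, now time.Time) error {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("revocation check: parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("revocation check: CRL signature: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return fmt.Errorf("revocation check: CRL expired at %s", crl.NextUpdate.UTC().Format(time.RFC3339))
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return &RevokedError{Serial: e.SerialNumber, RevokedAt: e.RevocationTime, Reason: e.ReasonCode}
		}
	}
	return nil
}

// FailureReason maps a verification error to the short, stable label a policy engine would log,
// so operators can tell a revoked signer from a check that could not be completed.
func FailureReason(err error) string {
	if err == nil {
		return "ok"
	} else if errors.As(err, new(*RevokedError)) {
		return "certificate_revoked"
	}
	return "revocation_check_inconclusive"
}

func must[T any](v T, err error) T { // fixture helper: panic instead of propagating errors
	if err != nil {
		panic(err)
	}
	return v
}

// BuildFixtures generates, in memory, a test CA, one revoked and one valid leaf, and a CRL
// signed by that CA. All of it is constructed data for this example.
func BuildFixtures() (issuer, revokedLeaf, goodLeaf *x509.Certificate, crlDER []byte) {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // crlSign is required to sign CRLs
	}
	// Parsing the CA back in populates the SubjectKeyId that CreateRevocationList requires.
	issuer = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	mkLeaf := func(serial int64, cn string) *x509.Certificate {
		key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
		return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, caKey))))
	}
	revokedLeaf, goodLeaf = mkLeaf(1001, "signer-revoked"), mkLeaf(1002, "signer-good")
	crlTmpl := &x509.RevocationList{
		Number: big.NewInt(7), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{
			SerialNumber: revokedLeaf.SerialNumber, RevocationTime: now.Add(-30 * time.Minute), ReasonCode: 1}},
	}
	crlDER = must(x509.CreateRevocationList(rand.Reader, crlTmpl, issuer, caKey))
	return
}

func main() {
	issuer, revoked, good, crlDER := BuildFixtures()
	for _, leaf := range []*x509.Certificate{revoked, good} {
		fmt.Println(leaf.Subject.CommonName+": reason="+FailureReason(CheckCRL(crlDER, issuer, leaf, time.Now())))
	}
	// A CRL past its nextUpdate is inconclusive: log that rather than treating the signer as "not revoked".
	fmt.Println("stale CRL: reason=" + FailureReason(CheckCRL(crlDER, issuer, good, time.Now().Add(48*time.Hour))))
}
```

Two design points worth noting. First, serial numbers are unique only per issuer, so a production verifier must validate the leaf's chain to the CA that signed the CRL before a serial match means anything; this example takes the issuer as an argument and only checks the CRL's signature against it. Second, the three labels are deliberately distinct: a CRL that cannot be parsed, is not signed by the issuer, or is past its `nextUpdate` is reported as inconclusive rather than as "not revoked", since silently treating a failed check as success is the classic revocation mistake. The thread says Notation performs the actual revocation check; this example only shows how a policy layer can preserve the specific reason in its logs.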