sigstore / sigstore-go

Go library for Sigstore signing and verification
Apache License 2.0

Embedded root.json is expired #294

Open cmurphy opened 2 days ago

cmurphy commented 2 days ago

Description

The default root.json for the public good instance expired last week: https://github.com/sigstore/sigstore-go/blob/ce459a84121500bf0a658aba8503a5836fd55ad6/pkg/tuf/repository/root.json#L6

Version

$ git rev-parse --short=8 HEAD
ce459a84
haydentherapper commented 1 day ago

That's fine; this metadata is the root of trust for the TUF metadata. As per the TUF spec, a TUF client will download N+1 versions until it receives an error, verify N-1 signed N, and then check the timestamp on the most recent root metadata.

We should still update the root as an optimization though so that clients don't have to download the latest root metadata each time.
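The client-side rotation walk described in the comment above, as an added Go example that is not sigstore-go's own code: `Root` is a simplified stand-in for TUF root metadata (only the root role, Ed25519 keys held directly), and `fetch` is a hypothetical callback standing in for the repository. It shows why an expired embedded root is tolerated: each newer root must be signed by a threshold of the previous root's keys and of its own keys, and only the newest root reached is checked for expiry.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Root stands in for TUF root metadata (assumption: only the root role is modelled).
type Root struct {
	Version   int
	Expires   time.Time
	Threshold int
	Keys      []ed25519.PublicKey // keys allowed to sign the next root version
	Sigs      [][]byte            // signatures over Canonical(root)
}

// Canonical is the byte string that root signatures cover.
func Canonical(r *Root) []byte {
	b := []byte(fmt.Sprintf("%d|%d|%d|", r.Version, r.Expires.Unix(), r.Threshold))
	for _, k := range r.Keys { b = append(b, k...) }
	return b
}

// ValidSigs counts the distinct keys in keys that have a valid signature on msg in sigs.
func ValidSigs(keys []ed25519.PublicKey, msg []byte, sigs [][]byte) (n int) {
	for _, k := range keys {
		for _, s := range sigs {
			if ed25519.Verify(k, msg, s) { n++; break }
		}
	}
	return n
}

// UpdateRoot follows the TUF root-rotation rules: fetch version N+1 until none is available,
// require each new root to be signed by a threshold of the previous root's keys and of its own
// keys, and check expiry only on the newest root that was reached.
func UpdateRoot(trusted *Root, fetch func(v int) (*Root, bool), now time.Time) (*Root, error) {
	for next, ok := fetch(trusted.Version + 1); ok; next, ok = fetch(trusted.Version + 1) {
		msg := Canonical(next)
		if next.Version != trusted.Version+1 ||
			ValidSigs(trusted.Keys, msg, next.Sigs) < trusted.Threshold ||
			ValidSigs(next.Keys, msg, next.Sigs) < next.Threshold {
			return nil, fmt.Errorf("root v%d rejected: wrong version or missing threshold signatures", next.Version)
		}
		trusted = next // an expired intermediate root is fine; only the newest one is checked below
	}
	if !now.Before(trusted.Expires) {
		return nil, fmt.Errorf("newest root (v%d) expired at %s", trusted.Version, trusted.Expires.UTC())
	}
	return trusted, nil
}
```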