sigstore / sigstore-rs

An experimental Rust crate for sigstore
https://sigstore.github.io/sigstore-rs/sigstore/
Apache License 2.0
164 stars 51 forks

cosign: Allow use of regex in CertSubjectEmailVerifier #300

Closed dave-tucker closed 1 week ago

dave-tucker commented 1 year ago

Summary

This allows for either an exact match [StringVerifier::ExactMatch] or it allows for a regular expression [StringVerifier::Regex].

This supports the use case of trusting signatures from a collection of email addresses, e.g. .*@redhat.com, and/or from a collection of issuers.

Fixes: #299

Release Note

Documentation

Docstrings and examples are updated to show how this is used.
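An added example, not part of the original post or of the sigstore-rs code: what a pattern such as `.*@redhat.com` accepts when it is applied as an unanchored search, next to an anchored and escaped form. It is written in Go, whose standard `regexp` package searches unanchored by default just as `Regex::is_match` in Rust's `regex` crate does; the `StringVerifier` struct, its constructors and the sample addresses are hypothetical, and that the verifier applies the pattern unanchored is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
)

// StringVerifier: hypothetical stand-in for the PR's ExactMatch/Regex modes.
type StringVerifier struct {
	exact string
	re    *regexp.Regexp // nil selects exact-match mode
}

func ExactMatch(s string) StringVerifier { return StringVerifier{exact: s} }

// Regex uses the pattern as written: MatchString is an unanchored search.
func Regex(p string) StringVerifier { return StringVerifier{re: regexp.MustCompile(p)} }

// AnchoredRegex wraps the pattern so it has to match the whole value.
func AnchoredRegex(p string) StringVerifier {
	return StringVerifier{re: regexp.MustCompile(`^(?:` + p + `)$`)}
}

func (v StringVerifier) Verify(s string) bool {
	if v.re == nil {
		return s == v.exact
	}
	return v.re.MatchString(s)
}

// Constructed certificate subject e-mail values.
var samples = []string{
	"alice@redhat.com",
	"alice@redhat.com.example.net", // trusted domain is only a prefix
	"alice@redhatXcom",             // unescaped '.' matches any character
	"alice@example.org",
}

func Accepted(v StringVerifier) (out []string) {
	for _, s := range samples {
		if v.Verify(s) {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	fmt.Println("loose:", Accepted(Regex(`.*@redhat.com`)))
	fmt.Println("strict:", Accepted(AnchoredRegex(`[^@]+@redhat\.com`)))
}
```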

dave-tucker commented 1 year ago

I like the idea, I'm in favor of implementing this change.

The code looks good, but I have some suggestions. These might be a matter of personal taste, hence I'm open to have a discussion about how to proceed.

My proposal would be to change the StringVerifier from being a trait to being a simple enum. We could have something like StringVerifier::ExactMatch(String) and StringVerifier::Regex(Regex). This would make the code easier to understand for our end consumers and we could get rid of the dynamic dispatch introduced by the usage of the trait.

What do you think?

Makes sense to me. I've updated the patch with your proposal.

flavio commented 1 week ago

@Xynnn007 can you please give me an approval? I had to fix the conflicts with the main branch, but I didn't make any changes to the original code submitted by @dave-tucker.

flavio commented 1 week ago

@Xynnn007 thanks!

@dave-tucker sorry about the delay!