Add & update targets in TrustedRoot

[fghanmi]

Description

The purpose of this issue is to track the changes required to add and update targets in the TrustedRoot.

[jku]

I'm leaving this comment here instead of the PR since I think it's not specific to the implementation.

You said in the PR:

actually, on our side we need to be able to manipulate trust_root.json in another Rust tool: tuftool (https://github.com/awslabs/tough/tree/develop), since as of now, only sigstore-rs manages the new-style targets trust_root.json. So, it's the library where this code would fit and would be reusable by other people who have a similar usecase.

I believe up to this point sigstore-rs has been 100% a client library (I could be wrong, I'm not too familiar at this point).

Modifying the trust root sounds like something only the folks running a sigstore instance would do. I can see how the functionality would be useful for folks running private deployments but... is sigstore-rs is the right place?

• including the code in a client library sounds a little weird -- 600 LOC that that will never be used by the actual client is likely not appealing to maintainers
• From an ecosystem perspective it feels like there should preferably be a single tool to producing/modifying trusted_root.json... It's hard to tell if this PR would move towards that goal or away from it

Maybe this code does make sense in sigstore-rs -- it's true that some tools should exist for this -- but if I was a maintainer, I would like more clarity on the above points

[flavio]

I totally agree with @jku. I think this is out of the scope of sigstore-rs

[jku]

@fghanmi:

have you seen https://github.com/kommendorkapten/trtool -- I think kommendorkapten might be open to improvements if that looks roughly like what you need.