theupdateframework / specification

The Update Framework specification
https://theupdateframework.github.io/specification/

Check timestamp/snapshot contains snapshot/targets description #226

Open erickt opened 2 years ago

erickt commented 2 years ago

The timestamp.json states that the timestamp meta section MUST only contain a description of the snapshot.json file. However, updating the timestamp role does not describe when to perform this verification.

Similarly, the snapshot.json states that the snapshot meta section MUST contain a description of the targets.json file, which is also not described in updating the snapshot role.

This patch explicitly states that these checks should be performed, and that the metadata should be rejected if it is missing these entries.
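The two checks described in this pull request, sketched in Python as an added example; it is not code from the patch, the specification, or any TUF client. The function names, the `MetadataError` type and the sample documents are hypothetical, signature verification is assumed to have happened already, and the integer `version` greater than 0 follows the specification's METAFILES format.

```python
class MetadataError(Exception):
    """The metadata file must be rejected."""

def _meta(doc, role):
    # Assumes the signatures over doc["signed"] were already verified by the caller.
    signed = doc.get("signed") or {}
    if signed.get("_type") != role:
        raise MetadataError(f"expected {role} metadata, got {signed.get('_type')!r}")
    meta = signed.get("meta")
    if not isinstance(meta, dict):
        raise MetadataError(f"{role}.json: 'meta' is missing or not an object")
    return meta

def _entry(role, meta, name):
    entry = meta.get(name)
    version = entry.get("version") if isinstance(entry, dict) else None
    # A description needs at least an integer version greater than 0.
    if isinstance(version, bool) or not isinstance(version, int) or version < 1:
        raise MetadataError(f"{role}.json: no valid description of {name}")
    return entry

def check_timestamp_meta(doc):
    """Timestamp meta MUST describe snapshot.json and nothing else."""
    meta = _meta(doc, "timestamp")
    extra = sorted(set(meta) - {"snapshot.json"})
    if extra:
        raise MetadataError(f"timestamp.json: unexpected meta entries {extra}")
    return _entry("timestamp", meta, "snapshot.json")

def check_snapshot_meta(doc):
    """Snapshot meta MUST describe targets.json; delegated roles may also appear."""
    meta = _meta(doc, "snapshot")
    for name in meta:
        _entry("snapshot", meta, name)
    return _entry("snapshot", meta, "targets.json")

def is_rejected(check, doc):
    try:
        check(doc)
    except MetadataError:
        return True
    return False

# Constructed sample documents (signatures omitted).
TIMESTAMP_OK = {"signed": {"_type": "timestamp", "meta": {"snapshot.json": {"version": 7}}}}
TIMESTAMP_EXTRA = {"signed": {"_type": "timestamp", "meta": {
    "snapshot.json": {"version": 7}, "targets.json": {"version": 3}}}}
TIMESTAMP_EMPTY = {"signed": {"_type": "timestamp", "meta": {}}}
SNAPSHOT_OK = {"signed": {"_type": "snapshot", "meta": {
    "targets.json": {"version": 3}, "project.json": {"version": 1}}}}
SNAPSHOT_NO_TARGETS = {"signed": {"_type": "snapshot", "meta": {"project.json": {"version": 1}}}}
```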

erickt commented 2 years ago

I just read through README.rst, and it looks like I was supposed to submit this against the draft branch. However that branch hasn't been touched since 2019. Should I change this to merge into that branch?

lukpueh commented 2 years ago

> I just read through README.rst, and it looks like I was supposed to submit this against the draft branch.

The README says:

  • For patch-type changes, pull requests may be submitted directly against the 'master' branch.

So this should be fine.

lukpueh commented 2 years ago

> However that branch hasn't been touched since 2019.

See #228 for an update and #229 for a request to prevent a stale draft branch in the future.