signing event testing

[jku]

The issue with testing signing event contents is that

• a repository can only be tested by clients when it's fully signed
• We do not want to sign before testing (and in case of online timestamp/snapshot, we can't sign before merging the signing event)

We could do this:

• in a test environment, replace every key with a temporary key
• Fully sign a version of this dummy repository
• test this dummy repository with clients

This obviously would not really test key changes but e.g. artifact changes, thresholds and delegations would be tested.