Remove unused pyopenssl

Signed-off-by: Lukas Puehringer <[email protected]>

Implements basic primitives, defined by the python-tuf Repository
abstraction, to read and edit metadata on disk, handling version and
expiry bumps, and signature creation, and facilitating snapshot and
timestamp creation.

And adds exemplary API methods that use these primitives while
preserving consistent repo states:
- create
- add_target_files
- add_keys

Can be tested with:
```
PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 pytest --noconftest taf/tests/tuf/
```

More detailed usage docs + migration path TBD...

Signed-off-by: Lukas Puehringer <[email protected]>

The original design aimed at separating the concepts of delegation
(adding public keys) and signing (using private keys).

Since the MetadataRepository assumes that metadata can be signed
rightaway after edit (e.g. after having added a delegation), which in
turn requires private keys to be available, we might as well conflate
these two concepts.

The advantage is that the signer cache does not have to be managed
independently and is more likely to stay in sync with the delegations.

Signed-off-by: Lukas Puehringer <[email protected]>

Signed-off-by: Lukas Puehringer <[email protected]>

This should really happen upstream (see linked issue)

Signed-off-by: Lukas Puehringer <[email protected]>

YkSigner provides a minimal compatibility layer over `taf.yubikey`
module functions for use with MetadataRepository.

Even though a yubikey signer implementation (HSMSigner) based on
pykcs11 is available in securesystemslib, YkSigner was added for the
following reasons:

- TAF requires rsa support for yubikeys, but HSMSigner only supports
  ecdsa. Adding rsa support to HSMSigner, or providing a custom
  pykcs11-based RSAHSMSigner is feasible, and seems desirable, but
  requires more effort than this YkSigner did.

- TAF provides a few additional features, like setting up a Yubikey,
  changing pins, etc., which will not be added to securesystemslib.
  This means the current Yubikey infrastructure based on yubikey-manager
  needs to be preserved for the time being. Thus it made sense to
  re-use the existing implementation for YkSigner.

- YkSigner show-cases the new Signer API and might be used as blue print
  for future Signer implementations in TAF.

This commit adds basic tests with fake and real Yubikey:

```
REAL_YK=1 PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 \
    pytest --noconftest  taf/tests/tuf/ taf/tests/tuf/test_yk.py -s
```

Signed-off-by: Lukas Puehringer <[email protected]>

This allows running previously added YkSigner tests, but breaks
other things, which need change anyway in the course of upgrading to
latest tuf/securesystemslib.

Signed-off-by: Lukas Puehringer <[email protected]>

Add alternative TUF metadata repo implementation (WIP)

…gated role lookup

…n dates to the new repository class

…y class

…ort for delegations

…he new tuf

…ass and added tests

…ate test

… repository