[RFC] a new sign backend with signatrust #3660

Open
pkking opened this issue Mar 8, 2025 · 1 comment

pkking commented Mar 8, 2025

Dear team, as we mentioned in the discussion, the openEuler Copr instance has already been using signatrust as a replacement for obs-sign for a year. Now I want to send some PRs to make upstream support switching between obs-sign and signatrust, so that we can directly use the upstream codebase. I want to hear more of your thoughts :)

Before we discuss more details: the PRs I'm going to send will not break any Fedora Copr behavior and will keep it opt-in. The main idea is:

  1. add some options in copr-be.conf, so we can configure the sign backend
  2. change sign.py to support an abstract sign method and re-implement it using both obs-sign and signatrust
  3. change copr-backend.spec to add obs-sign and signatrust as optional requirements

And here's our patch; I will also send a PR to tweak the code against the current codebase, on top of the backend-1.168 tag.

@github-project-automation github-project-automation bot moved this to Needs triage in CPT Kanban Mar 8, 2025
@nikromen nikromen moved this from Needs triage to Someday in future in CPT Kanban Mar 10, 2025
praiskup (Member) commented

Thank you for the early heads-up. Great to hear about your progress on Signatrust! 🚀

> a replacement for obs-sign

I'd rather call it an "alternative" than a replacement at this point in time. We cannot promise the move to signatrust, nor can we give any estimate of when that would happen... That said, please expect us to stay with obs-sign for some (as yet unknown) time.

> the PRs I'm going to send will not break any Fedora Copr behavior and keep it opt-in

Both obs-sign and signatrust would be opt-in. Great! The patch link you added is not working, but never mind - feel free to start with the PR. It will take us some time to review, but this contribution is welcome.
