`policy.Options` now contains the arguments to `tuf.Client`'s constructor rather than an actual Client. If these arguments are not provided, defaults pointing at Docker's TUF repo will be used. An actual TUF client can be passed in on the context (which is useful for testing). If this is not provided `attest.Verify` will create a TUF client using the options on `policy.Options`.
---------
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
* Add rewrite support and fix existing tests
* Add unit tests for policy matching
* Compile regexes up front and store policies in map
* Add test for verify flow with mirror
* Rename ImageName -> ResolvedName
And only set it when necessary
* Rename Rewrite -> Replacement
but keep it as rewrite in the yaml
* Add support for separate attestation storage repo
* Move mapping file types and parsing to config package
* Change signature of Verify to take image/platform
* Separate Attestation Resolvers to their own files (registry, layout and referrers)
* Add support configuring referrers resolution style in mapping.yaml
* Add registry test