`policy.Options` now contains the arguments to `tuf.Client`'s constructor rather than an actual Client. If these arguments are not provided, defaults pointing at Docker's TUF repo will be used. An actual TUF client can be passed in on the context (which is useful for testing). If this is not provided `attest.Verify` will create a TUF client using the options on `policy.Options`.
---------
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
* Single attestation when creating VSA
* Create single layer images for referrers attestations
* Move mock to test package. Add artifacts test
* Add test for envelope detection
* Add tests for image/index saving
* Add mirror tests
* Remove AttestationImage field from AttestationManifest
* Update naming. strictReferers != laxReferrers
* Add specific test for SaveReferrers
* Use receivers for manifest functions
* Move SaveImage/SaveIndex from image-signing-verifier
* Ignore test fixtures in coverage
* Add AddImagesToIndex function
* Add support for separate attestation storage repo
* Move mapping file types and parsing to config package
* Change signature of Verify to take image/platform
* Separate Attestation Resolvers to their own files (registry, layout and referrers)
* Add support configuring referrers resolution style in mapping.yaml
* Add registry test
