MVP

[davidstrauss]

• GitHub Actions for timestamp re-signing every 12 hours
• GitHub Actions or offline signing for snapshot signing
• Offline signing with a regular (non-HSM) YubiKey using Ed25519 for root signing
• Offline signing with either a YubiKey or an on-disk Ed25519 key for target signing
• Git LFS for actual file targets
• Trigger to publish repository upon generation
• Python script wrapping TUF's repository_tool API to publish a new release (with intent of shelling out from TYPO3's Darth tool)
• Example integration to upload the GitHub artifacts to a service like S3