feat(verification): get trusted root material and allow rotation (#1807)

Signed-off-by: Jose I. Paris <[email protected]>

Author: jiparis

app/controlplane/api/controlplane/v1/signing.pb.go

@@ -25,6 +25,7 @@ import "buf/validate/validate.proto";
 service SigningService {
   // GenerateSigningCert takes a certificate request and generates a new certificate for attestation signing
   rpc GenerateSigningCert (GenerateSigningCertRequest) returns (GenerateSigningCertResponse);
+  rpc GetTrustedRoot (GetTrustedRootRequest) returns (GetTrustedRootResponse);
 }
 
 message GenerateSigningCertRequest {
@@ -41,3 +42,9 @@ message CertificateChain {
    */
   repeated string certificates = 1;
 }
+
+message GetTrustedRootRequest {}
+message GetTrustedRootResponse {
+  // map keyID (cert SubjectKeyIdentifier) to PEM encoded chains
+  map<string, CertificateChain> keys = 1;
+}