Add eclipse zenoh repo for gz-transport15

[iche033]

Related PR: gazebosim/gz-transport#600

Adds the eclipse zenoh repo to the repository.yaml config file.

From zenoh deb installation page, the instruction to add their repo is

$ echo "deb [trusted=yes] https://download.eclipse.org/zenoh/debian-repo/ /" | sudo tee -a /etc/apt/sources.list > /dev/null

Some notes:

• it does not have gpg key signing so I updated the logic to support marking a repo as trusted=yes (instead of signed-by=xxx.gpg).
• the sources.list entry does not have the typical deb {url} {distribution} {component} format but it's in the form of deb {url} {suite} where suite in this case is just an absolute path /. So I modified the code to support this use case.

Alternative considered

If we are not ok with trusting a repo without gpg signing, the alternative is to use ros2 repo's ros-rolling-zenoh-cpp-vendor package for gz-transport15. The caveat is that we will need to search for a different package name in cmake, i.e. find_package(zenoh_cpp_vendor REQUIRED)

[iche033]

cc @caguero

[iche033]

@j-rivero checking if you're ok with this approach of trusting the repo or if we should just go with the ros2 vendor packages?

If we go with the ros2 vendor packages, I only see the zenoh_cpp_vendor package but here's no zenoh_c_vendor - not sure if that'll be a problem @caguero?

[caguero]

@j-rivero checking if you're ok with this approach of trusting the repo or if we should just go with the ros2 vendor packages?

If we go with the ros2 vendor packages, I only see the zenoh_cpp_vendor package but here's no zenoh_c_vendor - not sure if that'll be a problem @caguero?

For sure we'll need zenoh-c or zenoh-pico installed in the system.

[iche033]

@j-rivero checking if you're ok with this approach of trusting the repo or if we should just go with the ros2 vendor packages?
If we go with the ros2 vendor packages, I only see the zenoh_cpp_vendor package but here's no zenoh_c_vendor - not sure if that'll be a problem @caguero?

For sure we'll need zenoh-c or zenoh-pico installed in the system.

Ok tested with the zenoh_cpp_vendor package from the ros2 repo and both zenohc and zenohcxx were found. Created #96 as an alternative way to get zenoh packages

[j-rivero]

• it does not have gpg key signing so I updated the logic to support marking a repo as trusted=yes (instead of signed-by=xxx.gpg).

Although the httpS offers some protection against possible attacks, the lack of signing packages is something to consider since there could be several issues that could make that repository vulnerable. I'll discuss with the infra group next week but let's put this on pause by now.

[j-rivero]

Closing in favor of #96 until eclipse-zenoh/ci#316 is resolved.