Open
Description
We've written a client conformance test suite: https://github.com/theupdateframework/tuf-conformance/
I made a quick-and-dirty attempt at integrating it in this project. There are likely some other issues remaining but these two are currently preventing progress:
- ECDSA key support #408 -- the conformance test suite had to choose something as the default key ... and that was ecdsa. Adding a `default-keytype` option to the test suite is a possibility if ecdsa support here is unlikely
- rust-tuf client seems to only accept metadata with spec_version "1.0.0"
  - the specification is mighty unhelpful here with "Adopters are free to determine what is considered a match"
  - but I think only accepting 1.0.0 is not useful when that version is more than 4 years old and the specification is at 1.0.33 and the spec maintainers attempt to keep changes "forward-compatible".
  - I think a client accepting 1.0.x is a reasonable choice and something most clients do (unfortunately there is no specification changelog other than git log so I can't promise that there are no incompatibilities)
As an additional note:
- The components in `src/repository/` seem to assume that the metadata and targets come from the same "source": at least for HttpRepository this is incorrect: artifacts (targets) might be downloaded from a different host than metadata files. This is not the case for the conformance test suite currently but it is true for some real world repositories.
I'm not sure when I'll continue with this conformance client project; I thought I'd file this in the interim.
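The spec_version matching choices discussed in the issue above (exact "1.0.0" versus accepting 1.0.x), sketched as an added example that is not rust-tuf code and not part of the original issue. `MatchPolicy`, `parse_spec_version` and `spec_version_ok` are hypothetical names, and the sample version strings are constructed.

```rust
// Added example; hypothetical names, not the rust-tuf API.

/// How strictly metadata `spec_version` is compared to the version the client implements.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum MatchPolicy {
    Exact,          // only the exact version, e.g. "1.0.0"
    SameMajorMinor, // any patch release, e.g. 1.0.x
    SameMajor,      // any 1.y.z
}

/// Parse a strict MAJOR.MINOR.PATCH string. Rejects missing or extra components,
/// non-digits, leading zeros, whitespace and values that overflow u32.
pub fn parse_spec_version(s: &str) -> Option<(u32, u32, u32)> {
    let parts: Vec<&str> = s.split('.').collect();
    if parts.len() != 3 {
        return None;
    }
    let mut nums = [0u32; 3];
    for (slot, p) in nums.iter_mut().zip(&parts) {
        let digits_only = !p.is_empty() && p.bytes().all(|b| b.is_ascii_digit());
        if !digits_only || (p.len() > 1 && p.starts_with('0')) {
            return None;
        }
        *slot = p.parse().ok()?; // None on u32 overflow
    }
    Some((nums[0], nums[1], nums[2]))
}

/// Fail closed: metadata whose spec_version cannot be parsed is never a match.
pub fn spec_version_ok(metadata: &str, supported: (u32, u32, u32), policy: MatchPolicy) -> bool {
    let v = match parse_spec_version(metadata) {
        Some(v) => v,
        None => return false,
    };
    match policy {
        MatchPolicy::Exact => v == supported,
        MatchPolicy::SameMajorMinor => (v.0, v.1) == (supported.0, supported.1),
        MatchPolicy::SameMajor => v.0 == supported.0,
    }
}

fn main() {
    // Constructed inputs; "1.0.33" is the spec version mentioned in the issue.
    for s in ["1.0.0", "1.0.33", "1.1.0", "2.0.0", "1.0", "1.0.x", "01.0.0"] {
        let exact = spec_version_ok(s, (1, 0, 0), MatchPolicy::Exact);
        let patch = spec_version_ok(s, (1, 0, 0), MatchPolicy::SameMajorMinor);
        println!("{:8} exact={} same_major_minor={}", s, exact, patch);
    }
}
```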