Add a subcommand to create a notation secret

[souleb]

Update the Flux CLI subcommand flux create secret to generate a secret containing notation configuration that can be used to verify a source.

This is a follow-up to fluxcd/source-controller#1075.

[JasonTheDeveloper]

Happy to pick this up, if you haven't ready started on it, @souleb

[souleb]

hello @JasonTheDeveloper what is your plan for this issue?

[JasonTheDeveloper]

Hey @souleb, I've made some progress on this. Just have to write unit tests to cover the changes introduced before creating the PR. You can see what I've done in feat/4692.

Basically, in short, I've introduced a new flux create secret notation command that requires two arguments, a --trust-policy-file and a --ca-cert-file. --ca-cert-file is a slice and can accept multiple file paths. I've also added support for directories so that the user can pass in a folder and let flux walk the directory.

I've added validations to check the trust policy is a valid notation policy as well as checking the certs passed end in .pem or .crt.

Because Notation can handle multiple certs in one secret, I had to update manifestgen/sourcesecret.options to handle multiple certs and their file names.

I didn't have time today to add those unit tests but I aim to do that tomorrow before creating the PR.

[souleb]

Awesome. Thank you!

[souleb]

I have updated our docs, but it depends on this feature. See: fluxcd/website#1911. It would be nice if you could review it too.

[stefanprodan]

Implemented in #4735