Simplify inline KMP Resources creation during Ratify installation #1964

Open
1 task
yizha1 opened this issue Dec 4, 2024 · 1 comment
Labels
enhancement New feature or request
Milestone

Comments

@yizha1
Collaborator

yizha1 commented Dec 4, 2024

What would you like to be added?

Currently, the Ratify Helm chart installation supports creating inline KMP resources by providing root certificate files in PEM format. For example: --set-file notationCerts={./notation.crt}. This requires users to:

  • Obtain and store the root certificate file on the filesystem first. Normally, the root certificate file could be stored on the web and accessed via an HTTP(S) URL.
  • Ensure that the root certificate file is in PEM format. However, certificates might be in a binary encoded format, such as DER, so users need to follow the guide to convert the DER file to a PEM file.

To enhance the user experience, Ratify should support multiple methods for passing root certificate files. Besides accepting a PEM file, Ratify should allow fetching the root certificate from a public web address and processing different certificate formats, such as PEM and DER.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

  • Yes, I am willing to implement it.
@yizha1 yizha1 added enhancement New feature or request triage Needs investigation labels Dec 4, 2024
@susanshi susanshi added this to the v1.5.0 milestone Dec 5, 2024
@susanshi susanshi removed the triage Needs investigation label Dec 5, 2024
@FeynmanZhou
Collaborator

For point 1, this is a good proposal as it will streamline the cert setup. A similar feature request was also raised in notation: notaryproject/notation#631

Retrieving a cert from a public URL may require additional verification against the server, as an attack may happen on the network. Ratify needs to make sure the retrieved cert is downloaded from a trusted source.
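
The two points raised in this thread, accepting DER as well as PEM and trusting a certificate fetched from a URL, can be handled in one loading step. The Go code below is an added example, not code from Ratify or from either commenter. `LoadRootCert`, `constructedRootDER` and the use of a SHA-256 fingerprint pin supplied out of band are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// LoadRootCert (hypothetical, not Ratify code): PEM or DER in, pinned-fingerprint check, PEM out.
func LoadRootCert(raw []byte, pinHex string) ([]byte, error) {
	der := raw
	if block, _ := pem.Decode(raw); block != nil && block.Type == "CERTIFICATE" {
		der = block.Bytes // PEM input: unwrap to DER
	}
	cert, err := x509.ParseCertificate(der) // fails on anything but a single X.509 cert
	if err != nil {
		return nil, fmt.Errorf("input is neither a PEM nor a DER certificate: %w", err)
	}
	got := fmt.Sprintf("%x", sha256.Sum256(cert.Raw))
	if !strings.EqualFold(got, strings.TrimSpace(pinHex)) {
		return nil, fmt.Errorf("fingerprint %s does not match the pinned value", got)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}), nil
}

// constructedRootDER builds a throwaway self-signed CA as constructed sample input.
func constructedRootDER() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		Subject: pkix.Name{CommonName: "constructed-root"}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return der
}

func main() {
	der := constructedRootDER()
	out, err := LoadRootCert(der, fmt.Sprintf("%x", sha256.Sum256(der)))
	fmt.Println(string(out), err)
}
```

The pin is only useful if it reaches the operator over a different channel than the certificate itself, for example from the CA's published documentation.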
