UNCLASSIFIED - NO CUI

Create ADR for Notary implementation

This template is ONLY used for enhancement requests. Bug reporting or new feature request issues should use the other template options for issue submission.

Current Behavior

Notary needs to be fully documented. All decisions that we have made, all steps taken, etc. need to be put down on paper. Other orgs will be looking for insight into how we implemented Notary in the pipeline and why we did so. We will need to create an ADR for reference.

Purpose

Plan

Need to investigate whether the encryption algorithms are FIPS compliant.

  • command line instructions to show how Docker Content Trust works
  • key storage policy captured
  • input from Jeff about his process concerns
  • ci pipeline design
  • discuss FIPS compliance, measures taken (RSA 4096 for root + delegation key, that the targets key is autogenerated, etc.)
  • TOFU
  • how to get a new root, that it uses the old root, that the root key is encrypted

Acceptance Criteria

Edited by ariel.shnitzer