Implement staging notary in pipeline-test-project

Implement everything in vault except for talking to prod notary.

• Make master branches of projects in pipeline-test-project sign images in ironbank-testing
  • Retrieve target keys from il2 staging Vault using the Pipeline NPE user account
• Write a script to be used by "IB admins" during onboarding to setup new GUNs
  • A privileged Vault user will run this script
  • Likely a shell script that accepts a GUN name as an argument?
  • steps?
    1. Retrieve root key from vault
    2. Call pki/issue to create a target key
    3. Decide what we're doing with the snapshot key Can we let Notary autogenerate it then immediately switch it to server managed?
    4. Use notary to setup trust chain for new target using the existing key (notary key import the Vault generated private key)
    5. Write target key to KV for use by pipelines
• Write some kind of script to enroll all the current images in Notary. Maybe just list images (via VAT API? via Harbor API?) and call the above script per image.