Resolve "Follow-up from "Resolve "Implement production notary in production pipeline"""
The following discussions from !493 (merged) should be addressed:
- @blake.burkhart started a discussion: You could use secure random generation in Python to do this. I think secrets.token_urlsafe(32) or something is appropriate.
- @blake.burkhart started a discussion: Should we iterate all the way to zero, or just n-1?
  Leaving this for now, we need to figure out a good way to rotate the keys anyways so this will do for now.
- @blake.burkhart started a discussion: skopeo inspect could be lifted outside the loop. We will be pushing the same manifest to every tag.
- @blake.burkhart started a discussion: You could just not capture stderr/stdout to let these messages go to the pipeline's log.
  You currently have it only printed on error. I think it might make sense to always print this, it will likely have useful information in it.
- Add error parsing/retry to Vault API calls !522 (merged)
- Other notary errors? Answered with general troubleshooting below
Successful pipeline
Closes #265 (closed)