Securesystemslib

Latest version: v1.1.0

1.1.0

This is a small release that only re-enables the use of SigstoreSigner.
Note that SigstoreSigner and SigstoreKey are still not part of the default
set of supported signers & keys but now they can be enabled.

Changed
* SigstoreSigner: Re-enable compatibility with Sigstore (781)

1.0.0

Securesystemslib API is now considered stable. The core functionality is
provided in the _Signer_ interface and the half a dozen integrated _Signer_
implementations that can be found in the `signer` module. Smaller helper
modules `dsse`, `formats`, `hash` and `storage` are also part of the API.
Several legacy modules have been removed.

Added
* Signer: add public_key attribute to interface (756)
* VaultSigner: Signer implementation for HashiCorp Vault (800)
* CryptoSigner: support ecdsa keytype that is no longer in spec (711)
* CryptoSigner: add private_bytes property (799)
* CryptoSigner: add `"file2"` signer uri (759)
* test: use localstack to test AWSSigner (777)

Removed
* CryptoSigner: remove `"file"` signer uri (759)
* migration script for legacy keys (770)
* `SSlibSigner` class and `*_securesystemslib_key` methods (771)
* legacy key `key*`, `interface`, `util` and `schema` modules (772, 773, 776)
* unused functions in `hash` and `formats` modules (774, 776)
* unused global key constants (806)

Changed
* SSlibKey: strengthen input validation (780, 795)
* AWSSigner: support default scheme and add stronger input validation (724, 778)
* dsse: change Envelope.signatures type to dict (743)
* vendor: update ed25519 copy (793)
* docs: improve user and contributor docs (744, 745, 746, 749, 759, 796)
* test: improve and temporarily disable SigstoreSigner test (779, 785)
* ci: use dependabot groups, update weekly (735)
* ci: test macOS and Windows on latest Python only (797)
* Make securesystemslib.gpg internal (792)

Fixed
* Fix check-upstream-ed25519 workflow permission (706)
* SSlibKey: fix default scheme and test for ecdsa nistp384 key (763, 794)

0.31.0

Added
* CryptoSigner: create from `cryptography` private key with new constructor (675)
* SSlibKey: create from `cryptography` public key with new `from_crypto` method (678)
* Release: auto-release with PyPI Trusted Publishing (683)
* Docs to migrate legacy key files (658)

Removed
* Removed `SSlibKey.from_pem` factory method in favor of `from_crypto` (678)

0.30.0

This release contains improved Sigstore support.

Changed

* SigstoreSigner adapted to sigstore-python 2.0 API: This allows
improved UX where a new signing identity can be defined using
interactive credentials (browser login):
`SigstoreSigner.import_via_auth()`
* Documentation improvements

Removed

* Python 3.7 is no longer supported

0.29.0

This release is reaping the rewards of the new signer API with four(!) new
signing methods: two cloud-based KMSs, post-quantum crypto support and a
"keyless" signing system.

Advance notice to folks using the `keys`, `ecdsa_keys`, `rsa_keys` and
`ed25519_keys` modules: these modules are headed for deprecation. Please have
a look at the `signer` API and get in touch if the functionality you need
isn't there (or if more documentation is needed).

Added
* Sigstore as a new experimental signing method (552)
* SPHINCS+ as a new experimental signing method (568)
* Azure Key Vault as a new signing method (588)
* AWS KMS as a new signing method (609)
* `CryptoSigner` as a more featureful replacement for `SSlibSigner` (604)
* Documentation that focuses on the signer API (634, 622)

Changed
* `SSlibSigner` has been deprecated: Please use `CryptoSigner` instead (604)
* `keys` module is not used for signature verification in `signer` API (585)
* Various minor fixes, please see git log for details

0.28.0

Added
* Signer: auto-keyid helper (557)
* Signer: de/serialization helpers (558)
* Signer: tests (555, 556)
* Sigstore Signer: import methods (535)

Changed
* HSMSigner: pre-hash data (548)
* GCP Signer, HSM Signer: auto-keyid computation (557)
* DSSE: serialize signature data as base64 for compliance (565)

Removed
* Obsolete shebangs (544, 545)
* Outdated schemes: md5, sha1 (554)

Fixed
* Various test and CI fixes (538, 541, 542, 543, 546)
* Minor SSlibKey.verify_signature error handling bug (556)
