In-toto

**NOTE**: this release of in-toto drops supports for Python 2.7.
This is because Python 2.7 was marked [end-of-life](
https://www.python.org/dev/peps/pep-0373/) in January of 2020, and
since then several of in-toto's direct and transitive dependencies have stopped
supporting Python 2.7.

Added
* SPDX License identifiers and copyright information (440)
* Aditya Sirish (adityasaky) as a maintainer (443)

Changed
* PyPI development status from `Beta` to `Production/Stable` (447)
* Santiago Torres-Arias's (SantiagoTorres) email to reflect Purdue affiliation
(446)
* Debian downstream release metadata (437)
* Bump dependency: cryptography (442)

Removed
* Dropped support for Python 2.7 (438)

**NOTE**: this will be the final release of in-toto that supports Python 2.7.
This is because Python 2.7 was marked [end-of-life](
https://www.python.org/dev/peps/pep-0373/) in January of 2020, and
since then several of in-toto's direct and transitive dependencies have stopped
supporting Python 2.7.

Added
* Python 3.9 in the CI test matrix (419)
* Logo and other visual enhancements on readthedocs (420, 428)
* Review of first evaluation period for 2021 roadmap (421)

Changed
* Switch to GitHub Actions for CI (432)
* Switch to only running bandit on Python versions greater than 3.5 (416)
* Debian downstream release metadata (418)
* Bump tested dependencies: cffi (415, 427), cryptography (424, 429),
securesystemslib (430, 431), iso8601 (423) **NOTE**: the latest version of
cryptography is no longer used on Python 2, as that is not supported.

Removed
* Dropped support for Python 3.5 (419)

Added
* '-P/--password' (prompt) cli argument for in-toto-run/in-toto-record (402)
* in-toto-run link command timeout setting (367)
* API and usage documentation for cryptographic key handling with
securesystemslib (402, 408)
* Artifact recording exclude pattern documentation (373, 405)
* Test key generation mixin (402)
* 2021 roadmap document (381)

Changed
* Move 'settings' docs to new 'configuration' section and make minor
enhancements in structure and content (405)
* Update tested dependencies (377, 383, 384, 386, 389, 390, 394, 397,
398, 400, 404, 406, 409, 410, 411)
* Debian downstream release metadata (382)

Removed
* 'util' crypto module in favor of securesystemslib key interfaces (402)
* Obsolete coveralls.io API call in Travis test builds (399)

Fixed
* Minor docs issues (396, 385, 395)
* pylint 2.6.0 (387) and lgtm.com (379) warnings

* Docs: Major CLI and API documentation overhaul and release (341, 369)
* Bugfix: Use kwargs in in-toto-run to fix lstrip-paths bug (340)
* Feature: Add option to specify target directory for generated metadata (364)
* Tests: Add Python 3.8 to tested versions (339)
* Tests: Add tmp dir and gpg key test mixins (345)
* Tests: Use constant from securesystemslib to detect GPG in tests (352)
* Tests: Enhance test suite feedback on Windows (368)
* Dependencies: Misc updates (342, 346, 349, 350, 353, 354, 356, 358,
359, 362, 363, 366)

* Drop custom OpenPGP subpackage and subprocess module and instead use the
ones provided by securesystemslib, which are based on the in-toto
implementation and receive continued support from a larger community (325)
- A race condition that caused tests to sporadically fail was already fixed
in securesystemslib and is now also available to in-toto (282,
secure-systems-lab/securesystemslib186)
* Add Sphinx boilerplate and update installation instructions (298, 331)
* Update misc dependencies (317, 318, 319, 320, 322, 323, 324, 326, 327, 328, 333, 335, 329)
* Update downstream debian metadata (311, 334)

* Update securesystemslib dependency to v0.12.0 (299)
* Add `--version` option to CLI tools (310)
* Address linter warnings (308)
* Update downstream debian metadata (302, 305, 309)