Add GPGSigner implementation

[MVrachev]

Related to: theupdateframework/python-tuf#1263

Description of the changes being introduced by the pull request:

The GPGSigner is an implementation of the new "Signer" interface
that was merged in #319
and could be found in securesystemslib.signer.py

This is the next logical step given that securesystemslib supports GPG
and we want this interface to have implementations for all signature
types which are already supported by securesystemslib.

While implementing the GPGSigner, I wanted to make sure that one can
easily sign a portion of data, receive a Signature object and use the
information stored in that object to verify the signature.

To verifty a GPG signature, one have to use
securesystemslib/gpg/functions.verifty_signature():

securesystemslib/securesystemslib/gpg/functions.py

Line 176 in 6895306

def verify_signature(signature_object, pubkey_info, content):

There, the signature_object argument should be in the
securesystemslib.formats.GPG_SIGNATURE_SCHEMA format:

securesystemslib/securesystemslib/formats.py

Line 388 in 6895306

GPG_SIGNATURE_SCHEMA = SCHEMA.Object(

I searched for a way to easily retrieve the additional fields in the
GPG_SIGNATURE_SCHEMA - other_headers and info from the keyid stored
in the "Signature" object returned by the "sign" operation.
Unfortunately, right now there is no function that I can use for that
purpose.
The only option I was left with, was to create a new class:
GPGSignature where we can store those additional fields returned
from securesystemslib.gpg.functions.create_signature() which we call
during the "sign" process.

Please verify and check that the pull request fulfils the following requirements:

• The code follows the Code Style Guidelines
• Tests have been added for the bug fix or new feature
• Docs have been added for the bug fix or new feature

[lukpueh]

Cool stuff, @MVrachev! Thanks for adding this wrapper. Except for some minor documentation-related nits, the implementation looks good to me.

Regarding testing, I don't think it is necessary to copy/paste so much of test_gpg. In terms of tested functionality (lines of code) it seems redundant, while adding extra review/maintenance effort.

IMO it should be enough to add one exemplary test case for one key type only, doing

• signature creation
• maybe some vetting of the signature object ... were the fields assigned as expected? etc
• signature conversion (to dict)
• successful and unsuccessful signature verification

I suppose you could do this twice, one time with the default key and one time with a passed keyid.

[MVrachev]

I have addressed all comments made by @lukpueh and fixed all documentation issues he pointed out.

Also, I removed a big chunk of the test files as they were replicating the same tests in test_gpg.py.
I left only GPGRSA tests testing that signing and verification can be done with default and custom keys.

[MVrachev]

@lukpueh do we want to move this forward or it's not as much as important as originally discussed in theupdateframework/python-tuf#1263

[lukpueh]

It's not a priority. But let's keep the PR around.

[lukpueh]

@MVrachev, would you mind resolving the conflict here so that we can merge this PR?

@PradyumnaKrishna, pinged me about it, as he might find this useful when implementing DSSE (#370).

[MVrachev]

@lukpueh and @PradyumnaKrishna I am sorry I responded so late...
I rebased on top of master and fixed the docstring.

[lukpueh]

💯 Thanks for reviving the PR, @MVrachev. I have one minor change request. Otherwise this looks great.

[MVrachev]

@lukpueh removed the info field as you have suggested.

[lukpueh]

Thanks!