feat: add blob policy import and show commands

[JeyJeyGao]

Feat:

• added notation blob import and notation blob show commands

Test:

• added E2E test cases

Corresponding spec:
https://github.com/notaryproject/notation/blob/2ff8754717877adfd45266cfa8ba65705c397ea0/specs/commandline/blob.md

help example:

$ notation -h

Notation - a tool to sign and verify artifacts

Usage:
  notation [command]

Available Commands:
  blob        Sign, verify and inspect singatures associated with blobs
  certificate Manage certificates in trust store
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  inspect     Inspect all signatures associated with the signed artifact
  key         Manage keys used for signing
  list        List signatures of the signed artifact
  login       Login to registry
  logout      Log out from the logged in registries
  plugin      Manage plugins
  policy      Manage trust policy configuration
  sign        Sign artifacts
  verify      Verify OCI artifacts
  version     Show the notation version information

Flags:
  -h, --help   help for notation

Use "notation [command] --help" for more information about a command.

$ notation blob -h

Sign, inspect, and verify signatures and configure trust policies.

Usage:
  notation blob [command]

Available Commands:
  policy      Manage trust policy configuration for signed blobs

Flags:
  -h, --help   help for blob

Use "notation blob [command] --help" for more information about a command.

$ notation blob policy -h

Manage trust policy configuration for arbitrary blob signature verification.

Usage:
  notation blob policy [command]

Available Commands:
  import      Import trust policy configuration from a JSON file
  show        Show trust policy configuration

Flags:
  -h, --help   help for policy

Use "notation blob policy [command] --help" for more information about a command.

$ notation blob policy import -h

Import blob trust policy configuration from a JSON file.

Example - Import trust policy configuration from a file:
  notation blob policy import my_policy.json

Usage:
  notation blob policy import [flags] <file_path>

Flags:
      --force   override the existing trust policy configuration, never prompt
  -h, --help    help for import

$ notation blob policy show -h

Show blob trust policy configuration.

Example - Show current blob trust policy configuration:
  notation blob policy show

Example - Save current blob trust policy configuration to a file:
  notation blob policy show > my_policy.json

Usage:
  notation blob policy show [flags]

Flags:
  -h, --help   help for show

[codecov]

Codecov Report

Attention: Patch coverage is 94.78261% with 6 lines in your changes missing coverage. Please review.

Project coverage is 73.30%. Comparing base (cd933da) to head (6b9922a).

Files with missing lines	Patch %	Lines
cmd/notation/blob/policy/import.go	89.65%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1126      +/-   ##
==========================================
+ Coverage   72.38%   73.30%   +0.91%     
==========================================
  Files          50       53       +3     
  Lines        3125     3240     +115     
==========================================
+ Hits         2262     2375     +113     
- Misses        670      671       +1     
- Partials      193      194       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[yizha1]

@JeyJeyGao why the spec you referenced didnot point to main branch?

[JeyJeyGao]

@JeyJeyGao why the spec you referenced didnot point to main branch?

@yizha1 The link will be kept in the git history, so we need to pin the link to ensure the target file is not changed and remains accessible.

[Two-Hearts]

LGTM

[shizhMSFT]

Please address the comments in the last review.

[shizhMSFT]

LGTM

[Two-Hearts]

LGTM

[Two-Hearts]

This PR depends on: notaryproject/notation-go#502 which fixes an error message of blob trust policy.

[JeyJeyGao]

This PR depends on: notaryproject/notation-go#502 which fixes an error message of blob trust policy.

Updated.

[shizhMSFT]

LGTM