Add notation rc-1 support #274

Closed
2 tasks done
dtzar opened this issue Aug 1, 2022 · 4 comments · Fixed by #433
dtzar commented Aug 1, 2022

This notably includes a new directory and trust store which should work with ratify. Will update this issue with more details later. This should be done before #147

Specific features which will be added as a result:

dtzar added the enhancement label Aug 1, 2022
dtzar added this to the v1.0.0-beta milestone Aug 1, 2022
etrexel commented Sep 14, 2022

The notation-go v0.10.0-alpha.3 update still provides the original Verifier struct that we are using now with a modest change to handling trusted certs, but the new Verifier struct that includes support for TrustPolicy is a substantial shift from the previous implementation.

The new Verify function accepts an artifactUri string for verification and performs all of the signature artifact retrieval internally via a new notation Repository interface which will require us to implement a shim for our referrerstore. This internal retrieval looks for all notaryv2 signatures attached to the provided artifactUri which further breaks our model of handling individual artifacts within the executor.

There are a couple options that we can explore:

  • Work with the notation project to refactor some of the currently module-scoped implementation into notation-core-go so that we can use it without having to add shims to our existing model
  • Implement shims to utilize notation-go as-is
  • Replicate some of the private functionality from notation-go directly in the ratify notaryv2 verifier

dtzar commented Sep 14, 2022

Per the community call today, @etrexel is going to file an issue to notation-go to propose changes which would help us implement (2nd/3rd bullets). notation-core-go is designed to be only core crypto and utilized by notation-go, so 1st bullet likely wouldn't fly.

etrexel commented Sep 14, 2022

See link above for issue in notation-go.

dtzar changed the title from "Add notation alpha-3 support" to "Add notation rc-1 support" Sep 20, 2022
dtzar modified the milestones: v1.0.0-beta.1, V1.0.0-beta.2 Sep 20, 2022
@sajayantony

Does this issue also cover the work to move to Trust policy, or is there another item tracking the work for trust policy, including updating docs for this one? /cc @binbin-li
