Document fs-verity integration and plugin usage

[davide125]

Document how to use the fs-verity integration in RPM, specifically the signing flow and the plugin. This is a placeholder issue linked to an upcoming Fedora Change.

[pmatilai]

Note that the burden of documentation is primarily on those who created the code to begin with.
Of course it was my mistake to merge the code with no accompanying documentation, I guess we didn't have any good place for such docs at that time.

[ebiggers]

RPM's support for fsverity seems to be based around the idea that fsverity builtin signatures are being used. (RPM calls them simply "fsverity signatures", which is a bit misleading as it's not the only way to have signatures for fsverity files.) The builtin signatures have some problems and are difficult to use; I've been guiding people to use other solutions instead. What ended up being the actual use case here? If there is one, it needs to be clearly documented. I found a Fedora change proposal, but it is missing some essential information, and apparently it was rejected.

Another way to have signatures for fsverity files is through IMA. I'm not sure whether anyone has thought about doing that instead, in the context of RPM.