feat: rfc-1102 tapplet registry

[karczuRF]

The Tapplets Registry is the fundamental part of the Tari Universe. This RFC propose the registry structure as well as manifest file as list of registered and verified tapplets.

[stringhandler]

Possible con for NPM: There is a risk of dependencies introducing vulnerabilities (supply chain attack)

[CjS77]

A few nits. But LGTM

[CjS77]

Suggested change

	Github repository is the solution which assumes that every tapplet's metadata is stored in a separate folder, each version in a subfolder. Tapplets themself are distributed az zip bundles, so the code is not stored in the folder. Tapplet Registry manifest file, named `tapplets-registry.manifest.json`, keeps metadata about verified and listed tapplets.
	Github repository is the solution which assumes that every tapplet's metadata is stored in a separate folder, each version in a subfolder. Tapplets themself are distributed as zip bundles, so the code is not stored in the folder. Tapplet Registry manifest file, named `tapplets-registry.manifest.json`, keeps metadata about verified and listed tapplets.

[CjS77]

nit: Usually "Tari Blockchain" refers to the Layer 1, since the L2 is not a blockchain per sê. Tari Network, or L2, is more unambiguous.

[CjS77]

If I understand this right:
All curated tapplets' source code will be stored together in a single monolithic Github repo.
I guess this means that to add your app to the registry, you open a PR adding your code to the monolith. Is this right?

Edit: My question is answered below. I'll leave this comment in as an indication that it took a while to grok what this paragraph was saying.

[CjS77]

Ok, I asked about this in RFC-1101.
So, there's a high degree of trust being placed in the maintainers of the registry repo.

It would be good to make this trust model explicit somewhere.