Enable running the TUF server outside of k8s #1159

Open
wants to merge 1 commit into
base: main

@bkabrda bkabrda commented Jul 2, 2024

Summary

This PR makes it possible to run the TUF server outside of a k8s environment. Fixes #716

Context: I'm a member of Red Hat's Trusted Artifact Signer product team and we're trying to make Sigstore work outside of a k8s environment, in a podman-based Ansible deployment. This will allow us to start the simple TUF server in a podman pod.

Release Note

Made it possible to start the TUF server in a non-k8s environment.

Documentation

I don't believe this needs documentation, as the newly added flag is self-explanatory - but do let me know if you think this should be documented somewhere.

@haydentherapper
Contributor

Generally I’m ok with this, but the TUF metadata generated from scaffolding is out of date with other modern Sigstore clients. We need to complete #1001.
I'd like to see that issue completed first rather than proliferate the use of this TUF repo implementation, but I also recognize there’s blocking work to get this done.

@bkabrda
Author

bkabrda commented Jul 4, 2024

Thanks for sharing the link to the trusted root TUF target issue, I wasn't aware of that and I'll definitely go through it.

My aim is to mostly use this TUF server as a "quick preview" service that a user could stand up quickly, hence I didn't dive into any other issues. I think my PR doesn't make the current situation worse, it only allows running the same code outside of k8s. Would that make it good enough to be accepted right now?

@jku
Member

jku commented Jul 4, 2024

> aim is to mostly use this TUF server as a "quick preview" service that a user could stand up quickly

My only worry is that some folks will think this is a reasonable way to set up a real TUF repository. That said, I don't think this patch makes things worse.

@bkabrda
Author

bkabrda commented Jul 4, 2024

> My only worry is that some folks will think this is a reasonable way to set up a real TUF repository.

I totally see what you mean. I think that could perhaps be fixed by explicitly stating in the README that this is not a production-grade service and maybe also emitting a warning logline saying this when starting the TUF server?

Successfully merging this pull request may close these issues.

TUF: Allow for TUF to be built in a way that supports Docker/Podman not just Kubernetes