Clarify procedure for updating to new root.json

[vladimir-v-diaz]

Clients should validate new root.json according to the threshold and keys set by its previous version.

See @heartsucker's comment here.

[vladimir-v-diaz]

@heartsucker Let us know if this PR captures the case you raised in issue rust-tuf/32

[coveralls]

Coverage remained the same at 97.936% when pulling 63ec868 on vladimir-v-diaz-patch-1 into ec83e56 on develop.

[awwad]

I think it's still a bit confusing. How about this paragraph?

	   To replace a compromised root key or any other top-level role key, the root
	   role signs a new root.json file that lists the updated trusted keys for the
	   role.
	   In the event that the keys being updated are root keys, it is important to
	   note that the new root.json must at least be signed by the keys listed as
	   root keys in the previous version of root.json, up to the threshold listed for
	   root in the previous version of root.json. If this is not the case, clients will
	   (correctly) not validate the new root.json file.

[vladimir-v-diaz]

@awwad I added your and heartsucker's suggestions. What do you think of the changes?

[awwad]

I think it's good, with the typo at the end fixed. You don't think my wording was wordy / unclear, then, I gather?

[awwad]

Oh - btw, contingent on the instructions for the client updater procedure being added as well, which we talked about. (Something like what @heartsucker has in #444). I guess @trishankkarthik is doing that?

[coveralls]

Coverage remained the same at 97.936% when pulling 7c96933 on vladimir-v-diaz-patch-1 into ec83e56 on develop.

[coveralls]

Coverage remained the same at 97.936% when pulling 7c96933 on vladimir-v-diaz-patch-1 into ec83e56 on develop.

[vladimir-v-diaz]

Yup, a detailed client update workflow is being added to the specification in pull request #440.