Implement TAP 4 (multiple repository consensus on entrusted targets)

[vladimir-v-diaz]

Fixes issue #: #527

Description of the changes being introduced by the pull request:

This is an implementation of TAP 4 (multiple repository consensus on entrusted targets). A MultiRepoUpdater class is added that reads map.json, determines which repository URL can be used for a requested target file, and returns the updater object(s) and targetinfo for the requested target file. The client is free to use any of the returned updater objects to download the target file corresponding to the targetinfo. An example is provided below:

multi_repo_updater = tuf.client.updater.MultiRepoUpdater("path/to/map.json")
valid_targetinfo = multi_repo_updater.get_valid_targetinfo(
    "foo.tgz", match_custom_field=False)

# `valid_targetinfo` contains one or more updaters that can be used to download
# the expected file for `foo.tgz.`  `match_custom_field` is a Boolean that indicates
# whether the optional custom field in targetinfo should match across the targetinfo
# provided by the threshold of repositories.

# All of the updaters in `valid_targetinfo` provide matching and trusted
# versions of `foo.tgz.`  Try each updater in `valid_targetinfo` until the client
# successfully downloads `foo.tgz.`
for my_updater, my_targetinfo = valid_targetinfo.iteritems():
  try:
    # Save `foo.tgz` to `path/to/destination.`
    my_updater.download_target(my_targetinfo, "path/to/destination")
    break
  
  except tuf.exceptions.NoWorkingMirrorError:
    continue

The client can also access the updater objects for each repository...

pypi_updater = multi_repo_updater.repository_names_to_updaters['pypi']
pypi_updater.download_target(...)

or

pypi_updater = multi_repo_updater.get_updater('pypi', map_file['repositories'])
pypi_updater.download_target(...)

@awwad PIease have a look at this PR and let me know if it supports everything needed to create Uptane repositories. The repository tools now support the creation of multiple repositories within the same Python process.

Please verify and check that the pull request fulfills the following
requirements:

• The code follows the Code Style Guidelines
• Tests have been added for the bug fix or new feature
• Docs have been added for the bug fix or new feature

[coveralls]

Coverage decreased (-0.7%) to 98.595% when pulling 4126fc8 on vladimir-v-diaz:tap4 into cba1cae on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.6%) to 98.716% when pulling 5aa7460 on vladimir-v-diaz:tap4 into cba1cae on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.4%) to 98.904% when pulling 114feae on vladimir-v-diaz:tap4 into cba1cae on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.4%) to 98.936% when pulling 3eb4d3a on vladimir-v-diaz:tap4 into cba1cae on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.3%) to 98.967% when pulling 0550847 on vladimir-v-diaz:tap4 into cba1cae on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.2%) to 99.093% when pulling 92c863e on vladimir-v-diaz:tap4 into cba1cae on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.2%) to 99.093% when pulling 92c863e on vladimir-v-diaz:tap4 into cba1cae on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.04%) to 99.25% when pulling 295f4cf on vladimir-v-diaz:tap4 into cba1cae on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.04%) to 99.25% when pulling 08624f4 on vladimir-v-diaz:tap4 into 70a2e2f on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.04%) to 99.252% when pulling 0964284 on vladimir-v-diaz:tap4 into 70a2e2f on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.04%) to 99.252% when pulling 149ef4d on vladimir-v-diaz:tap4 into eee32d6 on theupdateframework:develop.

[vladimir-v-diaz]

@lukpueh @awwad
I am done refactoring the TAP 4 implementation and would like for both you to review it. You can safely ignore the large amount of JSON metadata that was added for testing.

[coveralls]

Coverage decreased (-0.04%) to 99.252% when pulling 5f3a6c3 on vladimir-v-diaz:tap4 into eee32d6 on theupdateframework:develop.

[coveralls]

Coverage decreased (-0.04%) to 99.252% when pulling 1d7a544 on vladimir-v-diaz:tap4 into 844348e on theupdateframework:develop.

[vladimir-v-diaz]

I edited the summary to document the modified API for get_valid_targetinfo().

multi_repo_updater.get_valid_targetinfo("foo.tgz", match_custom_field=True) now returns a dictionary that contains the updaters that provide matching targetinfo for foo.tgz.

valid_targetinfo = {updater1: TARGETINFO, updater2: TARGETINFO, ...}