Features:
* Support creating an offline update from wave targets.
Fixes:
* Do not add keyEncipherment or keyAgreement to the device gateway TLS certificate.
These key usages are disallowed for ECDSA certificates by the latest X.509 standard.
* Always compare apps to latest apps in config when validating new updates config.
Apps reported as installed by the device are shown to the user, but not used for validation.
* Properly check if production target exists for a given tag when creating an offline update.
Changes:
* Dynamically build source URL used by a Git helper in MEDS.
* Dynamically build registry URL used by a Docker helper in MEDS.
* Improve a human readable error shown when factory PKI is not initialized.
* Improve a human readable error shown when TUF private keys are missing.
* Fetch apps for offline update from the published run if it is present.
* Improve UX of the SBOM conversion process.
