feat: add support for crl basic functionality with built-in cache

[junczhu]

Description

Enables CRL revocation with file cache during verification

What this PR does / why we need it:

The implementation is from notation cli covering CRL support CRL file-based cache support.
Removed HTTP timeout.
Related PR: notaryproject/notation#1043
Related File: https://github.com/notaryproject/notation/commits/main/cmd/notation/verify.go

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):

Fixes #1889

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
• This change requires a documentation update

How Has This Been Tested?

Manual test scenario: verify a signature with revocation check enabled.

Checklist:

• Does the affected code have corresponding tests?
• Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
• Does this introduce breaking changes that would require an announcement or bumping the major version?
• Do all new files have appropriate license header?

Post Merge Requirements

• MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

[junczhu]

Thanks for the review and as discussed, I would use a wrapper to reuse the notation-core-go fetcher to save us from maintain work.

[susanshi]

Thanks for the PR JunCheng. In general i think we need to add more detail description on the method and input/output.

[junczhu]

Thank you for all the comments and I am working on them in the implementation PR #1900
cc\ @binbin-li @susanshi @akashsinghal @shahramk64

[junczhu]

Newly introduce error returns are wrapped by return nil, re.ErrorCodePluginInitFailure.WithDetail("Failed to create the Notation Verifier").WithError(err) on line 115

[codecov]

Codecov Report

Attention: Patch coverage is 87.23404% with 6 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
pkg/verifier/notation/notationrevocationfactory.go	73.91%	4 Missing and 2 partials ⚠️

Files with missing lines	Coverage Δ
pkg/verifier/notation/notation.go	98.05% <100.00%> (+0.30%)	⬆️
pkg/verifier/notation/notationrevocationfactory.go	73.91% <73.91%> (ø)

[susanshi]

Hi @junczhu , in the PR description you mentioned "Under manual testing." Could you add the manual validation scenarios? thanks.

[susanshi]

LGTM. thanks Juncheng