Since the verification of a signature will, by definition, include
verifying the content has not been altered, it is unnecessary to require
users of the CLI or REST API to specify the SHA256 hash of the content
when creating a new entry into the log.

Note that the server will still compute the hash and store it in the log
for ease of comparison.

Fixes #180

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* Bump github.com/google/trillian from 1.3.10 to 1.3.13

Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.3.10 to 1.3.13.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.3.10...v1.3.13

)

Signed-off-by: dependabot[bot] <support@github.com>

* update to new package structure

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* register hasher

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* revert to original naming

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallawa@redhat.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>

* Bump github.com/go-openapi/spec from 0.20.1 to 0.20.3

Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.20.1 to 0.20.3.
- [Release notes](https://github.com/go-openapi/spec/releases)
- [Commits](https://github.com/go-openapi/spec/compare/v0.20.1...v0.20.3

)

Signed-off-by: dependabot[bot] <support@github.com>

* update go.sum

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Luke Hinds <7058938+lukehinds@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallawa@redhat.com>

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.0.0 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.0.0...v1.1.3

)

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/go-openapi/errors](https://github.com/go-openapi/errors) from 0.19.9 to 0.20.0.
- [Release notes](https://github.com/go-openapi/errors/releases)
- [Commits](https://github.com/go-openapi/errors/compare/v0.19.9...v0.20.0

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/validate](https://github.com/go-openapi/validate) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/go-openapi/validate/releases)
- [Commits](https://github.com/go-openapi/validate/compare/v0.20.1...v0.20.2

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/loads](https://github.com/go-openapi/loads) from 0.20.0 to 0.20.2.
- [Release notes](https://github.com/go-openapi/loads/releases)
- [Commits](https://github.com/go-openapi/loads/compare/v0.20.0...v0.20.2

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This just exposes the default go metrics for now. We can use middleware to expose
more custom metrics for our API.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: Dan Lorenc <dlorenc@google.com>

This should fix the rest of the errors.

- Run through the get flow, make sure the output is well structured
- Call loginfo, make sure there are no errors.

* Add support for ed25519/signify/minisign keys and signatures

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

- adds trillian API object to context
- improves request error logging pre and post validation
- use consistent request context throughout all GRPC calls
- improve validation of incoming UUID values
- disable swagger UI endpoint
- only print cacheable headers if response code is HTTP 2XX
- use GetLeavesByRange instead of deprecated GetLeavesByIndex API

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* add types unit tests

* explicitly ignore error from ValidateLeaf

* improve PGP unit test coverage (#58)

* update & improve pgp unit tests

* add types unit tests

* explicitly ignore error from ValidateLeaf

* use files instead of embedded strings

* update & improve pgp unit tests

If the HTTP fetch failed, the io.Pipe created to pass the response body to the
goroutines that compute the SHA256 hash and verify the signature would be leaked.

Some changes:
- import names (app -> api, logging -> log)
- Commands package (cmd -> app)

This also breaks the go module dependency on rekor-server.

Seems to work for Node right now. I haven't tested on linux.