
Support Adding External Keys #528

@ChevronTango

The CLI currently has a gen-key method and a revoke-key method, but not an add-key method. This makes it hard for users with external keys, for example KMS or otherwise managed key services, to add their keys to the root.json. Whilst it can be done with JSON manipulation, it would be much nicer if the tuf CLI supported it natively to avoid mistakes or misconfiguration.

I propose the following:

tuf add-key <role>
--keytype # e.g. "rsa"
--public-value # The value of the public key
--scheme # e.g. "rsassa-pss-sha256"

# Returns the key-id

This will then add the key to the root.json in both the keys and the roles fields with the correct hashed key id, and will return a key id which can then be used in subsequent signing requests.
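As an added illustration of what such an add-key step would have to do (example code written for this page, not go-tuf's own implementation): derive the key id as the hex SHA-256 of the key's canonical JSON encoding, then register the key under both `keys` and the role's `keyids`. The root.json skeleton, the `add_key` name and the key layout (`keytype`, `scheme`, `keyval.public` only) are simplifying assumptions; a real implementation's key serialization may carry additional fields, which changes the resulting id, and the version bump and re-signing remain separate steps.

```python
import copy
import hashlib

# Constructed, minimal root.json skeleton (not a real repository's metadata).
SAMPLE_ROOT = {
    "signed": {
        "_type": "root",
        "version": 1,
        "keys": {},
        "roles": {"targets": {"keyids": [], "threshold": 1}},
    },
    "signatures": [],
}


def canonical_json(obj) -> bytes:
    """Canonical JSON as used by TUF for key ids: sorted keys, no whitespace,
    and only '"' and '\\' escaped inside strings."""
    if obj is None:
        return b"null"
    if obj is True:
        return b"true"
    if obj is False:
        return b"false"
    if isinstance(obj, int):
        return str(obj).encode()
    if isinstance(obj, str):
        return b'"' + obj.replace("\\", "\\\\").replace('"', '\\"').encode() + b'"'
    if isinstance(obj, list):
        return b"[" + b",".join(canonical_json(i) for i in obj) + b"]"
    if isinstance(obj, dict):
        items = (canonical_json(k) + b":" + canonical_json(v) for k, v in sorted(obj.items()))
        return b"{" + b",".join(items) + b"}"
    raise TypeError(f"unsupported type for canonical JSON: {type(obj).__name__}")


def key_id(key: dict) -> str:
    """Key id = hex SHA-256 over the canonical JSON form of the key object."""
    return hashlib.sha256(canonical_json(key)).hexdigest()


def add_key(root: dict, role: str, keytype: str, public_value: str, scheme: str) -> str:
    """Register an externally managed public key for `role` in root['signed'];
    returns the key id. Idempotent: re-adding the same key does not duplicate it."""
    key = {"keytype": keytype, "scheme": scheme, "keyval": {"public": public_value}}
    kid = key_id(key)
    signed = root["signed"]
    if role not in signed["roles"]:
        raise KeyError(f"unknown role {role!r}")
    signed["keys"][kid] = key
    keyids = signed["roles"][role]["keyids"]
    if kid not in keyids:
        keyids.append(kid)
    return kid


def demo() -> tuple:
    """Add a constructed placeholder key to a copy of SAMPLE_ROOT; returns (root, key id)."""
    root = copy.deepcopy(SAMPLE_ROOT)
    kid = add_key(root, "targets", "rsa", "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----", "rsassa-pss-sha256")
    return root, kid
```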
