Add support for recognizing allow.pub as a spiffe issuer #228
url: https://allow.pub | ||
contact: [email protected] | ||
description: "Server side signing support for the OCI registry vcr.pub" |
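Review bot: the description line names the registry vcr.pub while the url line registers https://allow.pub as the issuer, and nothing in these three lines says how the two domains relate. Extend the description (or add a comment beside it) to state that relationship, so someone auditing the list of trusted issuers can tell why allow.pub is the domain being trusted.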
Neither vcr.pub nor allow.pub resolves to anything meaningful in the browser. Perhaps include (comment?) a way to learn more?
Certainly! The websites are absolutely blank atm because I'm just getting those services up and going.
vcr.pub is the focus here, it's a simple, credit based OCI registry. Credit based meaning it's a bit like tarsnap where you pay upfront for credits and usage deducts from there. The idea is to build the best OCI registry that I want to use, which includes image signing, thus my interest in sigstore/fulcio.
vcr.pub is in alpha atm but I'd like to get the automated signing going before promoting it more, since this sort of integration is a great feature to talk about.
More than happy to answer any questions about it or anything else!
You make a great point, since I'm talking about these things outside my own tiny circle I should go ahead and at least provide something meaningful for browsers. I'll get that sorted out this weekend.
I've at least provided some redirects at https://allow.pub and https://vcr.pub for now.
Once you get the DCO fixed this should be good!
I'm building an OCI registry that would like to perform server side cosign support via fulcio. The OCI registry is called vcr.pub and should be available in beta form soon.

The reason that the domain used here is allow.pub rather than vcr.pub is one of the future services we'd like to support is other OIDC related authentication tasks, so we've separated it from the OCI registry off the bat.

Signed-off-by: Evan Phoenix <[email protected]>
bbd8b06 to ed84a5e
@dlorenc Ah! Ok, DCO fixed!
This should be live!
@dlorenc Thank you!
Summary
Add support for fulcio to allow spiffe tokens signed by allow.pub
Description
I'm building an OCI registry that would like to perform server side
cosign support via fulcio. The OCI registry is called vcr.pub and should
be available in beta form soon.
The reason that the domain used here is allow.pub rather than vcr.pub is
one of the future services we'd like to support is other OIDC related
authentication tasks, so we've separated it from the OCI registry off
the bat.