config: sign Azure versions on upload & verify on fetch (#1836)

* add SignContent() + integrate into configAPI

* use static client for upload versions tool; fix staticupload calleeReference bug

* use version to get proper cosign pub key.

* mock fetcher in CLI tests

* only provide config.New constructor with fetcher

Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

internal/api/versionsapi/cli/BUILD.bazel

@@ -14,6 +14,7 @@ go_library(
     deps = [
         "//internal/api/versionsapi",
         "//internal/api/versionsapi/client",
+        "//internal/constants",
         "//internal/logger",
         "@com_github_aws_aws_sdk_go_v2_config//:config",
         "@com_github_aws_aws_sdk_go_v2_service_ec2//:ec2",

internal/api/versionsapi/cli/main.go

@@ -23,6 +23,7 @@ import (
 	"os"
 	"os/signal"
 
+	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/spf13/cobra"
 )
 
@@ -52,7 +53,7 @@ func newRootCmd() *cobra.Command {
 	rootCmd.PersistentFlags().Bool("verbose", false, "Enable verbose output")
 	rootCmd.PersistentFlags().String("region", "eu-central-1", "AWS region of the API S3 bucket")
 	rootCmd.PersistentFlags().String("bucket", "cdn-constellation-backend", "S3 bucket name of the API")
-	rootCmd.PersistentFlags().String("distribution-id", "E1H77EZTHC3NE4", "CloudFront distribution ID of the API")
+	rootCmd.PersistentFlags().String("distribution-id", constants.CDNDefaultDistributionID, "CloudFront distribution ID of the API")
 
 	rootCmd.AddCommand(newAddCmd())
 	rootCmd.AddCommand(newLatestCmd())