Securesystemslib

Latest version: v0.31.0

Page 1 of 7

0.31.0

Added
* CryptoSigner: create from `cryptography` private key with new constructor (675)
* SSlibKey: create from `cryptography` public key with new `from_crypto` method (678)
* Release: auto-release with PyPI Trusted Publishing (683)
* Docs to migrate legacy key files (658)

Removed
* Removed `SSlibKey.from_pem` factory method in favor of `from_crypto` (678)

0.30.0

This release contains improved Sigstore support.

Changed

* SigstoreSigner adapted to sigstore-python 2.0 API: This allows
improved UX where a new signing identity can be defined using
interactive credentials (browser login):
`SigstoreSigner.import_via_auth()`
* Documentation improvements

Removed

* Python 3.7 is no longer supported

0.29.0

This release is reaping the rewards of the new signer API with four(!) new
signing methods: two cloud-based KMSs, post-quantum crypto support and a
"keyless" signing system.

Advance notice to folks using the `keys`, `ecdsa_keys`, `rsa_keys` and
`ed25519_keys` modules: these modules are headed for deprecation. Please have
a look at the `signer` API and get in touch if the functionality you need
isn't there (or if more documentation is needed).

Added
* Sigstore as a new experimental signing method (552)
* SPHINCS+ as a new experimental signing method (568)
* Azure Key Vault as a new signing method (588)
* AWS KMS as a new signing method (609)
* `CryptoSigner` as a more featureful replacement for `SSLibSigner` (604)
* Documentation that focuses on the signer API (634, 622)

Changed
* `SSLibSigner` has been deprecated: Please use `CryptoSigner` instead (604)
* `keys` module is not used for signature verification in `signer` API (585)
* Various minor fixes, please see git log for details

0.28.0

Added
* Signer: auto-keyid helper (557)
* Signer: de/serialization helpers (558)
* Signer: tests (555, 556)
* Sigstore Signer: import methods (535)

Changed
* HSMSigner: pre-hash data (548)
* GCP Signer, HSM Signer: auto-keyid computation (557)
* DSSE: serialize signature data as base64 for compliance (565)

Removed
* Obsolete shebangs (544, 545)
* Outdated schemes: md5, sha1 (554)

Fixed
* Various test and CI fixes (538, 541, 542, 543, 546)
* Minor SSlibKey.verify_signature error handling bug (556)

0.27.0

Added
* EXPERIMENTAL DSSE implementation (487)
* EXPERIMENTAL sigstore signer and verifier (522)
* Minimal TUF/in-toto spec-compliant GPG verifier (488)
* API-typical 'import' and 'from URI' GPG signer methods (488)

Changed
* Require public key in GPG signer and disallow subkey signatures (488)
* Increase GPG subprocess timeout (502)
* Rename default branch to 'main' (523)
* Make HSM signer URI configurable (526)
* Allow tox to skip virtual HSM tests (528)
* Strip PEM keys to compute keyids consistently (453)

Removed
* Internal GPG version utils (504)
* Custom subprocess interface (505)
* Vendored ssl module (506)

Fixed
* Windows compatibility issues and re-enable Windows CI (518)
* GPG subprocess timeout configurability (502)

0.26.0

Added
* Private key URI schemes for signer instantiation (456)
* Public key container class for signature verification (456)
* Post-quantum sphincs+ signing scheme (427)
* Hardware Security Module (HSM) signing (472)
* Google Cloud KMS signing (442, 480)

Changed
* Use pyproject.toml for build configuration (253)
* Use hatchling as build backend (484)
* Auto-format and lint all code (439, 490)
* Various CI and build improvements (459, 460, 476, 493, 464)

Removed
* Drop colorama optional dependency and colorized output support (443)

Fixed
* Don't shell out to gpg on import (437)
* Fix metaclass definition (473)
* Make GPGSigner signatures specification compliant (486)

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.