Securesystemslib

Latest version: v1.0.0


0.20.1

**NOTE**: this will be the final release of securesystemslib that supports
Python 2.7.
This is because Python 2.7 was marked
[end-of-life](https://www.python.org/dev/peps/pep-0373/) in January of 2020, and
since then several of securesystemslib's direct and transitive dependencies
have stopped supporting Python 2.7. securesystemslib's major users, the Python
implementations of tuf (v0.167.0) and in-toto (v1.1.0), have already dropped
support for Python 2.7.

Changed
* Switched to GitHub-native Dependabot (349)
* Updated Debian packaging metadata (343)
* Bump cryptography dependency (346)

Fixed
* Fix the Signer abstract base class's method signature to include self (348)

0.20.0

Not secure
Added
* Add signing abstraction to facilitate custom implementations (319)

Changed
* Refactor imports to allow vendoring for pip (316)
* Limit GitHub Actions to avoid duplicate Dependabot builds (335)
* Enhance GitHub Action reporting for ed25519 upstream check (338)
* Bump dependencies: cryptography (336)

Fixed
* Pad OpenPGP EdDSA signatures to avoid sporadic verification failures (340)

0.19.0

Not secure
Added
* Enable setting which GPG client to use through an environment variable (315)

Changed
* Dropped support for EOL Python 3.5 and added support for Python 3.9 (314)
* Converted the default local storage backend, FilesystemBackend, to be a
singleton (302)
* Migrated CI from travis-ci.org to travis-ci.com (303) then later to GitHub
Actions (324)
* Bump dependencies: cffi (306, 329), cryptography (322, 333). NOTE: the
latest version of cryptography is no longer used on Python 2, as that is not
supported.
* Updated Debian packaging metadata (313 & 318)
* Improved messaging for issues automatically filed on upstream changes to our
vendored ed25519 dependency (317)
* Updated the ed25519 tracking script for upstream's branch name change (331)

Fixed
* Empty lists should not be used as the default argument for a function (304)

0.18.0

Not secure
Added
* `interface.generate_and_write_unencrypted_{rsa,ed25519,ecdsa}_keypair` (288)
* `interface.generate_and_write_{rsa,ed25519,ecdsa}_keypair_with_prompt` (288)
* `interface.import_privatekey_from_file` (288)
* GitHub Action to auto-check upstream changes for vendored ed25519 (294)

Changed
* `interface.generate_and_write_{rsa,ed25519,ecdsa}_keypair` require a password
as first positional argument (288)
* `interface.import_{rsa,ed25519,ecdsa}_privatekey_from_file` do not error on
empty password, but pass it on to lower level decryption routines (288)
* `interface.import_ecdsa_privatekey_from_file` supports loading unencrypted
private keys (288)
* Revise `interface` and `gpg.functions` docstrings, and example snippets, and
use Sphinx compatible Google Style docstring format (288, 300)
* Linter-flagged cosmetic changes (292, 295, 296)
* Bump dependencies: cryptography (291, 293)
* Bump vendor copy of ed25519 (299)

0.17.0

Not secure
Added
* Add `interface.import_publickeys_from_file()` convenience function (278, 285)
* Add `gpg.export_pubkeys()` convenience function (277)
* Add support to `hash` module for blake2b-256 algorithm (283)

Changed
* Use ecdsa as keytype for ECDSA keys to better distinguish between keytype
and scheme (267)
* Bump dependencies: cffi (266, 273), cryptography (269, 274),
and colorama (284)
* Removed python-dateutil dependency (268)
* Prepare Debian downstream releases (198)
* Remove unused helper (`_prompt`) and global (`SUPPORTED_KEY_TYPES`) from
interface module (276)
* Refactored and extended interface tests (279, 287)

0.16.0

Not secure
Added
* Added new, self-explanatory, AnyNonEmptyString schema (244)
* Separate functions for getting a file's length, `util.get_file_length()`, and
a file's hashes, `util.get_file_hashes()` (259)

Changed
* Improved documentation for abstract storage interface (240)
* Change PATHS_SCHEMA to be any non-empty string (244)
* Updated `keys.format_metadata_to_key()` to take an optional list of hashing
algorithms rather than requiring users modify `settings.HASH_ALGORITHMS` to
change this behaviour (227)
* Rather than silently ignoring empty paths, throw an exception on empty file
path in `storage.FileSystemBackend.create_folder` (252)

Fixed
* Proper tearing down of storage tests (249)
* Handle empty directories in `util.ensure_parent_dir()` (260)
* Fix tests to work with newer versions (3.0 or newer) of the cryptography
module (264)
