Adding functionality for dirhash in cli

[matglas]

What this PR does / why we need it

Adding the dirhash-glob arguments

Which issue(s) this PR fixes (optional)

Depends on:

• Adding functionality for dirhash in library go-witness#223

Fixes: #216 and in-toto/go-witness#65

Acceptance Criteria Met

• Docs changes if needed
• Testing changes if needed
• All workflow checks passing (automatically enforced)
• All review conversations resolved (automatically enforced)
• DCO Sign-off

Special notes for your reviewer:

Todo's

• PR merged for checks to pass: Adding functionality for dirhash in library go-witness#223
• discuss what documentation is needed.
  • idea to add subject types to the attestor documentation for easier understanding of the different subjects.
  • examples or reasoning for using dirhash. also mentioning the downsides for certain use cases.

[netlify]

✅ Deploy Preview for witness-project ready!

Name	Link
🔨 Latest commit	f20a7f0
🔍 Latest deploy log	https://app.netlify.com/sites/witness-project/deploys/66d0a5f17da53900084324a1
😎 Deploy Preview	https://deploy-preview-436--witness-project.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[matglas]

@jkjell @ChaosInTheCRD I updated both PRs with the latest updates and added changes that we discussed during the Community call. Let me know if you see anything that still needs to be addressed.

[matglas]

I need some help to figure out the cause of this test failure which is hard to pinpoint. @mikhailswift or @jkjell maybe you can help a bit here.

Note this is the result when you run the code with the update from the go-witness library PR that belongs to it.

...
level=info msg="Completed product attestors stage..."
level=info msg="Starting postproduct attestors stage..."
level=info msg="Completed postproduct attestors stage..."
level=info msg="Starting verify attestors stage..."
level=info msg="Starting policyverify attestor..."
level=info msg="policy signature verified"
level=info msg="Finished policyverify attestor... (0.000167042s)"
level=info msg="Completed verify attestors stage..."
level=error msg="Verification failed"
level=error msg="Evidence:"
level=error msg="Step: step02"
level=error msg="verification failure: Reason: failed to verify artifacts for step step02: \nfailed to verify artifacts: []"
level=error msg="Step: step01"
    verify_test.go:293: 
                Error Trace:    /Users/matthias.glastra/Projects/github/in-toto/witness/cmd/verify_test.go:293
                Error:          Received unexpected error:
                                failed to verify policy: policy verification failed
                Test:           TestRunVerifyKeyPair
--- FAIL: TestRunVerifyKeyPair (0.03s)
FAIL
coverage: 30.1% of statements
FAIL    github.com/in-toto/witness/cmd  1.223s
=== RUN   TestUTPolicySuite
=== RUN   TestUTPolicySuite/TestLoadPolicyArchivista
=== RUN   TestUTPolicySuite/TestLoadPolicyArchivistaNotFound
=== RUN   TestUTPolicySuite/TestLoadPolicyFile
=== RUN   TestUTPolicySuite/TestLoadPolicyFileNotFound
--- PASS: TestUTPolicySuite (0.00s)
    --- PASS: TestUTPolicySuite/TestLoadPolicyArchivista (0.00s)
    --- PASS: TestUTPolicySuite/TestLoadPolicyArchivistaNotFound (0.00s)
    --- PASS: TestUTPolicySuite/TestLoadPolicyFile (0.00s)
    --- PASS: TestUTPolicySuite/TestLoadPolicyFileNotFound (0.00s)
PASS
coverage: 68.2% of statements
ok      github.com/in-toto/witness/internal/policy      1.049s  coverage: 68.2% of statements
FAIL
make: *** [test] Error 1

[matglas]

@jkjell @mikhailswift if the go-witness lib is updated in go.mod then this PR can be merged too and functionality can be completed.
Would you be willing to give it review?

[kairoaraujo]

Waiting for release > 0.6.0