Currently the slicer test defines one archive named "ubuntu" for all
test cases no matter what they define in chisel.yaml. But since commit
afad3d2 we allow more archives with different names to be defined in
chisel.yaml. Define a test archive for each of them.

MakeDeb() now expects that all provided tar entries have a non-empty
name. Otherwise it panics on array out of bounds access. Fix it.

We can create tarballs containing entries with empty name just fine. It
makes GNU tar fail when extracting, but it fails gracefully with

  tar: Substituting `.' for empty member name
  -rw-r--r-- root/root         0 1970-01-01 01:00
  tar: .: Cannot open: File exists
  tar: Exiting with failure status due to previous errors

Use the short timeout httpClient and long timeout bulkClient in archive.go properly. Use the quick httpClient to fetch small files such as Release files. For packages and indexes, use the bulkClient as the files can be quite big.

Fixes #14.

Currently testArchive.Options() returns archive.Options with only the
Arch field set. In future we would like to extend testArchive to behave
differently based on its chisel.yaml definition.

Initialize archive.Options from setup.Release and store it in the
testArchive structure for each archive defined in chisel.yaml.

Kinetic is EOL and its archive is gone and the tests fail. Drop it from
spread tests.

* ci: add cla-check, lint and security scan workflows

This commit adds the following github workflows:

  - CLA check: Check if Canonical's Contributor License Agreement has
    been signed by the PR author(s).
  - Lint: Ensure fomatting changes using ``gofmt`` and run errcheck,
    unused, staticcheck linters using golangci-lint.
  - Security: Run Trivy vulnerability scanner to check for known
    vulnerabilities.

Co-authored-by: Cristovao Cordeiro <cristovao.cordeiro@canonical.com>

* refactor: format with ``go fmt ./...``

* refactor: remove unused code

This commit removes unused code (variables, functions etc.) across the
codebase, with a few exceptions. Namely the unused functions from
``log.go`` in various packages are kept for future use. Additionally
the ``addDebugCommand`` function in `cmd/chisel/main.go` is kept too.

* refactor: remove deprecated (imported) packages

The ``io/ioutil`` package has been deprecated since Go 1.19. Usage of
this package have been removed appropriately.

The ``golang.org/x/crypto/ssh/terminal`` package has been deprecated and
moved to ``golang.org/x/term`` package. Usage have been updated likewise.

* refactor: always check errors

* ci: configure linters

This commit adds a config file ``.golangci.yaml`` for the lint workflow.
It removes the previous arguments passed to golangci-lint in favor of
the new configuration file.

---------

Co-authored-by: Cristovao Cordeiro <cristovao.cordeiro@canonical.com>

Introduce shorthand constructors for testutil.TarEntry structures. These
are Reg(), Dir() and Lnk() functions.

The rationale for this addition is to make the test case definition less
verbose. There are other changes in the queue that construct custom
packages to test various test cases. In all these new tests (and old
ones as well) we only care about file's type, path, mode and content.
With these shorthand constructors and function aliases we can define tar
entries like:

	Dir(0755, "./data/"),
	Reg(0600, "./data/document.txt", "words words words"),
	Lnk(0777, "./data/document", "document.txt"),

Instead of:

	testutil.TarEntry{
		Header: tar.Header{
			Name: "./data/",
			Mode: 0755,
		},
	},
	testutil.TarEntry{
		Header: tar.Header{
			Name: "./document.txt",
			Mode: 0600,
		},
		Content: []byte("words words words"),
	},
	testutil.TarEntry{
		Header: tar.Header{
			Name:     "./document.txt",
			Mode:     0777,
			Linkname: "document.txt",
		},
	},

The reason for the 3 letter names and the order of arguments is to make
the list of paths aligned on the same column in tarball definitions.

These function only create barebone TarEntry. It'll still get adjusted
when passed through fixupTarEntry().

This commit extends the chisel release with keyring definitions.
Keyrings are defined in ASCII armored format in the top-level
public-keys property by name. Keyrings are referenced by name in the
public-keys list property in archive definitions. An example of the
extended chisel release file is at the bottom.

This commit uses the newly added github.com/ProtonMail/go-crypto/openpgp
package dependency[1]. This package is a maintained fork of the
deprecated golang.org/x/crypto/openpgp package[2][3].

[1] https://github.com/ProtonMail/go-crypto
[2] https://pkg.go.dev/golang.org/x/crypto/openpgp
[3] https://golang.org/issue/44226

Example chisel.yaml:

    format: chisel-v1
    archives:
      ubuntu:
        version: 22.04
        components: [main, universe]
        suites: [jammy, jammy-updates, jammy-security]
        public-keys: [ubuntu]
      ubuntu-fips:
        version: 22.04
        pro: fips
        components: [main]
        suites: [jammy]
        public-keys: [ubuntu-fips]
    public-keys:
      ubuntu: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----

        mQINBFzZxGABEADSWmX0+K//0cosKPyr5m1ewmwWKjRo/KBPTyR8icHhbBWfFd8T
        DtYggvQHPU0YnKRcWits0et8JqSgZttNa28s7SaSUTBzfgzFJZgULAi/4i8u8TUj
        +KH2zSoUX55NKC9aozba1cR66jM6O/BHXK5YoZzTpmiY1AHlIWAJ9s6cCClhnYMR
        ...
        E+SWDGxtgwixyPziL56UavL/eeYJWeS/WqvGzZzsAtgSujFVLKWyUaRi0NvYW3h/
        I50Tzj0Pkm8GtgvP2UqAWvy+iRpeUQ2ji0Nc
        =j6+P
        -----END PGP PUBLIC KEY BLOCK-----
      ubuntu-fips: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----

        mQINBE+tgXgBEADfiL1KNFHT4H4Dw0OR9LemR8ebsFl+b9E44IpGhgWYDufj0gaM
        /UJ1Ti3bHfRT39VVZ6cv1P4mQy0bnAKFbYz/wo+GhzjBWtn6dThYv7n+KL8bptSC
        Xgg1a6en8dCCIA/pwtS2Ut/g4Eu6Z467dvYNlMgCqvg+prKIrXf5ibio48j3AFvd
        ...
        mguPI1KLfnVnXnsT5JYMbG2DCLHI/OIvnpRq8v955glZ5L9aq8bNnOwC2BK6MVUs
        pbJRpGLQ29hbeH8jnRPOPQ+Sbwa2C8/ZSoBa/L6JGl5RDaOLQ1w=
        =6Bkw
        -----END PGP PUBLIC KEY BLOCK-----

Ignoring extra fields makes the code forward compatible with changes in
the yaml format, without a version bump being necessary.