Store a fingerprint on ManifestSignature #2261

@dralley

Version

All

Describe the bug

OpenPGP v6 (RFC 9580) signatures do not contain KeyIDs, only fingerprints.

ManifestSignature assumes that KeyID will be available: https://github.com/pulp/pulp_container/blob/main/pulp_container/app/models.py#L402

Key IDs are deprecated and have a higher collision risk than fingerprints.

Solution

Store a key fingerprint on ManifestSignature.

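The difference the report describes, as an added example (not pulp_container code): a minimal reader for an OpenPGP signature packet body that extracts the Issuer Key ID (subpacket 16) and Issuer Fingerprint (subpacket 33). The function names and the sample packets are constructed for illustration; the samples omit the signature material and put all subpackets in the hashed area.

```python
ISSUER_KEY_ID, ISSUER_FINGERPRINT = 16, 33    # RFC 9580 signature subpacket types

def subpackets(area):
    """Yield (type, body) for each subpacket in a hashed or unhashed area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                        # one-octet length
            length, i = first, i + 1
        elif first < 255:                      # two-octet length
            length, i = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192, i + 2
        else:                                  # 0xFF marker, then four-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]    # mask the critical bit
        i += length


def issuer_ids(sig_body):
    """Return version, key_id and fingerprint (hex or None) of a signature packet body."""
    version = sig_body[0]
    if version not in (4, 6):
        raise ValueError(f"unsupported signature version {version}")
    width = 2 if version == 4 else 4           # v6 uses four-octet area lengths
    ids = {"version": version, "key_id": None, "fingerprint": None}
    pos = 4                                    # skip version, sig type, pubkey algo, hash algo
    for _ in range(2):                         # hashed area, then unhashed area
        size = int.from_bytes(sig_body[pos:pos + width], "big")
        area = sig_body[pos + width:pos + width + size]
        if len(area) != size:
            raise ValueError("truncated subpacket area")
        pos += width + size
        for kind, body in subpackets(area):
            if kind == ISSUER_KEY_ID and len(body) == 8:
                ids["key_id"] = body.hex().upper()
            elif kind == ISSUER_FINGERPRINT and len(body) > 1:
                ids["fingerprint"] = body[1:].hex().upper()    # body[0] is the key version
    return ids


def build_sample(version, subs):               # constructed input, not a real signature
    width = 2 if version == 4 else 4
    hashed = b"".join(bytes([len(b) + 1, k]) + b for k, b in subs)
    return bytes([version, 0, 1, 8]) + len(hashed).to_bytes(width, "big") + hashed + bytes(width + 2)

FPR_V4, FPR_V6 = bytes(range(20)), bytes(range(32))    # constructed fingerprints
SAMPLE_V4 = build_sample(4, [(33, b"\x04" + FPR_V4), (16, FPR_V4[-8:])])
SAMPLE_V6 = build_sample(6, [(33, b"\x06" + FPR_V6)])  # v6: fingerprint only, no Key ID
```

`issuer_ids(SAMPLE_V6)` returns `key_id` as `None`, so a record keyed only on the Key ID has nothing to store for a v6 signature, while the fingerprint is present in both samples.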
