Key ID generation is incorrect for non-ECDSA keys

[woodruffw]

See sigstore/rekor#2062 for the full context here. TL;DR: we have an internal key_id helper that essentially does SHA256(DER(SPKI(key)), which is correct for ECDSA keys but not for Ed25519 or RSA.

Following #953 this will no longer cause failures, but will be suboptimal in terms of searching all keys in the keyring. We should fix our key ID generation and handling to make it more optimal.

[haydentherapper]

Pending agreement, I think we should have RSA be the same key ID calculation. Doing the complex computation with 0xff doesn't feel worthwhile.

Also note the update on the thread, I think we can put checkpoint key ID in the trust root so that clients don't have to compute it.

[woodruffw]

Pending agreement, I think we should have RSA be the same key ID calculation. Doing the complex computation with 0xff doesn't feel worthwhile.

SGTM!