_internal.tuf: exception handling

[jku]

#351 is going to add sigstore._internal.tuf module. It does not handle errors consistently at the moment.

@woodruffw on error handling:

sigstore-python needs some exception refactoring anyways, and we could probably do a better job with the overall refactor by batching any handling here into those changes.

In that light, I'll just document the current sigstore._internal.tuf.TrustUpdater situation here:

• constructors may raise
  • OSError on file read/write errors
• TrustUpdater.get_*() methods may raise
  • OSError on file read/write errors
  • python-tuf DownloadError when we fail to download something from remote (metadata or target file)
  • python-tuf RepositoryError when the metadata is not valid -- repository is in a state that means we can't continue
  • parsing errors in TrustUpdater._get() code: metadata was valid TUF metadata but does not contain what we expected

Some of these we might not want to handle (like OSError) but e.g. DownloadError could be a fairly common occurrence with network hiccups and such?

[woodruffw]

Some of these we might not want to handle (like OSError) but e.g. DownloadError could be a fairly common occurrence with network hiccups and such?

Yeah, I think we want to prioritize the ones that can come from network problems.