Add support for OPA's signed bundle format (see docs).
- Config: add top-level keys block and signing section under
BundleConfig (keyid, scope, exclude_files).
TarballBundleLoader: extract .signatures.json and compute per-file digests.- New verifier: validate JWS over file digests using configured public key/secret.
BundlePlugin: fail activation when verification fails.
Add support for OPA's signed bundle format (see docs).
BundleConfig(keyid, scope, exclude_files).TarballBundleLoader: extract.signatures.jsonand compute per-file digests.BundlePlugin: fail activation when verification fails.