deprecated TUF usage #728
Description
Noticed that internal/fulcio/fulcioroots uses TUF... but does not use it to download trusted_root.json that contains the current trust material but instead seems to download the deprecated individual keys/cert files. This will break at some point.
This likely makes sense to fix when you upgrade from the old cosign version: see #537