in-toto / apt-transport-in-toto

in-toto transport for apt

Define configuration format and required parameters

lukpueh opened this issue · comments

Description of feature request:
The apt in-toto transport should be configurable via an apt configuration file (see apt.conf(5)) in a suitably named file that remains in /etc/apt/apt.conf.d/, e.g. /etc/apt/apt.conf.d/intoto.

Current behavior:
In the general message flow between apt and an apt transport, apt responds to the first message from the transport (i.e. 100 Capabilities) with a 601 Configuration message containing all the individual Config-Item entries read from the apt configuration files (see above), one per line.

601 Configuration
Config-Item: APT::Architecture=amd64
Config-Item: APT::Build-Essential::=build-essential
... [further config items]

Parsed with the in-toto deserialize_one function, this looks like:

{
  'info': 'Configuration',
  'fields': [
    ('Config-Item', 'APT::Architecture=amd64'),
    ('Config-Item', 'APT::Build-Essential::=build-essential'),
    ...],
  'code': 601
}

Expected behavior:
We need to define required (and optional) configuration parameters in order to perform in-toto verification. Any related configuration parameter may be prefixed with APT::intoto::. Note that parameters don't need to have unique names (or values). At least the following information should be configurable:

  • URIs of available rebuilders
  • Location of local root layout
  • Keyids of root layout gpg keys, which must be present in a local keychain
  • A path to a non-default gpg keychain, to load root layout public keys from (optional)

These parameters may be parsed and used in a suitable manner during the apt <-> transport message flow (see comments in the intoto.handle function for more details).
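As an added example (not code from apt-transport-in-toto), the following parses a 601 Configuration message into the dict shape shown above, collects the APT::intoto:: items into per-parameter value lists so that repeated names (e.g. several rebuilder URIs) are preserved, and reports which required parameters are missing. The individual parameter names (Rebuilders, LayoutPath, LayoutKeyIds, GPGHomeDir) and the sample message are assumptions made for illustration; the issue only fixes the prefix, not the names.

```python
"""
Parse an apt transport '601 Configuration' message and collect the in-toto
specific settings from it.

Added example, not code from apt-transport-in-toto.  The message layout
("<code> <info>" status line, then "Key: value" lines, blank-line terminator)
follows the apt transport protocol described in the issue; the APT::intoto::*
parameter names are assumptions chosen for illustration.
"""
import re

INTOTO_PREFIX = "APT::intoto::"

# Hypothetical parameter names under the APT::intoto:: prefix (assumed).
REQUIRED_PARAMS = ("Rebuilders", "LayoutPath", "LayoutKeyIds")
OPTIONAL_PARAMS = ("GPGHomeDir",)

# Constructed sample of what apt sends after the transport's 100 Capabilities.
# apt.conf list elements arrive as 'Name::=value' (cf. APT::Build-Essential),
# scalars as 'Name=value'; neither key names nor values need to be unique.
SAMPLE_601 = """601 Configuration
Config-Item: APT::Architecture=amd64
Config-Item: APT::Build-Essential::=build-essential
Config-Item: APT::intoto::Rebuilders::=https://rebuilder-1.example/
Config-Item: APT::intoto::Rebuilders::=https://rebuilder-2.example/
Config-Item: APT::intoto::LayoutPath=/etc/intoto/root.layout
Config-Item: APT::intoto::LayoutKeyIds::=0123456789ABCDEF0123456789ABCDEF01234567
Config-Item: APT::intoto::GPGHomeDir=/etc/intoto/gnupghome

"""


def deserialize_message(text):
    """Parse one apt transport message into
    {'code': int, 'info': str, 'fields': [(key, value), ...]}.
    Only the output shape mirrors in-toto's deserialize_one."""
    lines = text.splitlines()
    while lines and not lines[-1].strip():   # drop the blank terminator
        lines.pop()
    if not lines:
        raise ValueError("empty message")
    status = re.match(r"^(\d{3}) (.+)$", lines[0])
    if not status:
        raise ValueError("bad status line: %r" % lines[0])
    fields = []
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("bad header line: %r" % line)
        fields.append((key.strip(), value.strip()))
    return {"code": int(status.group(1)), "info": status.group(2),
            "fields": fields}


def intoto_config(message):
    """Collect APT::intoto::* Config-Items into {param: [values]}.
    List elements ('Name::=v') and scalars ('Name=v') both become lists,
    so repeated entries such as several rebuilder URIs are kept in order."""
    if message["code"] != 601:
        raise ValueError("expected 601 Configuration, got %d" % message["code"])
    config = {}
    for key, value in message["fields"]:
        if key != "Config-Item":
            continue
        name, sep, setting = value.partition("=")
        if not sep or not name.startswith(INTOTO_PREFIX):
            continue
        param = name[len(INTOTO_PREFIX):]
        if param.endswith("::"):             # apt list element marker
            param = param[:-2]
        config.setdefault(param, []).append(setting)
    return config


def missing_required(config):
    """Return the required parameters that have no value in config."""
    return [p for p in REQUIRED_PARAMS if not config.get(p)]


if __name__ == "__main__":
    parsed = deserialize_message(SAMPLE_601)
    cfg = intoto_config(parsed)
    for param, values in sorted(cfg.items()):
        print("%s: %s" % (param, values))
    print("missing:", missing_required(cfg))
```

A transport would run intoto_config once, right after receiving the 601 message, and refuse to proceed to verification if missing_required returns anything, since the layout path and its signing key ids cannot be guessed safely.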