bridge: Make tor sign the networkstatus-bridges document
Turns out that networkstatus-bridges
document, when dumped on disk on the Bridge Authority side, is not signed.
This means that when it is pushed to BridgeDB, the only trust anchor we have is the SSH key thus making BridgeDB unable to verify the received document signature that it was indeed signed by the authority.
For now, it is "OK" that we do that because the configured SSH key between the authority and BridgeDB has a pinned IP address to it so an attacker would need to steal that key and push descriptors from that IP which is somehow already a lot.
Regardless, adding the signature is something quite cheap that tor can do which would allow BridgeDB an extra validation there instead of relying solely on the SSH tunnel.