TUF client should set (or enable application to set) HTTP user-agent

[jku]

Description

Currently cosign user-agent when downloading TUF metadata is Go-http-client/2.0,gzip. It would be helpful if it had more details, something like cosign/2.0.2 go-tuf/0.5.2 Go-http-client/2.0 -- or whatever combination makes sense and is easy to implement.

cosign currently initializes the singleton TUF client with tuf.Initialize(ctx, mirror, rootFileBytes);. Code in this repository then ends up calling client.HTTPRemoteStore(mirror, nil, nil) from the go-tuf codebase: here the second argument is an options struct that could include the useragent.

So at least one option here would be to add an optional useragent argument to tuf.Initialize() so that cosign could use it.

[haydentherapper]

This would be great. @bobcallaway and I had actually discussed this previously when trying to figure out which clients were accessing the remote TUF repo. Specifying both the version of go-tuf and the library using it would be good.