Write better documentation

[mikhailswift]

The root README should be updated with a project description and relevant information. it can still include the CLI documentation or we can create a separate md in a docs folder detailing the CLI.

We should also create some examples of using witness.

[colek42]

I'd like to do the following

Main Readme:

• Link to GitHub pages site
• Witness Logo
• Gif of witness example
• Text of the commands in the example gif
• Generated CLI documentation

Documentation:
We can start with just a /docs folder but would like to have a githubpages site ready to go at launch.

I've had good luck with docusaurus in the past, but open to options. https://docusaurus.io/docs/deployment#deploying-to-github-pages

[flickerfly]

I'm especially interested in the gitlab docs and some sort of architecture diagram. For example, I'm trying to figure out if there is a central server that stores the attestation details or anything like that or if I need to build a workload around managing that, especially in an air gap space.

[colek42]

It depends on your trust model. Using keyless signing would require some sort of timestamp authority. In our current model, we use rekor (https://log.testifysec.io) for transparency and timestamping. These attestations are json objects that can be airgapped and verified in the target environment. The trust is maintained by the certificate authority, as long as you have a trusted CA on both ends you should be good.

I've created an issue here to track air-gapped verification.

[flickerfly]

Thanks @colek42