Add debian package support

[lukpueh]

Description of issue or feature request:
The intoto transport should be installable as debian package eventually, e.g. apt-get install apt-transport-intoto should make intoto.py available as executable in /usr/lib/apt/methods/intoto, and also install required metadata (default layout, layout key and configuration) to the right locations.

Note: The intoto transport depends on the in-toto package, which itself depends on the securesystemslib package, both of which are not yet available as debian packages. Ideally, these dependencies may also be installed as debian packages.

Current behavior:
No installation setup.

Expected behavior:
Provide installation setup.

[lukpueh]

When working on this issue, the shebang in the Python scripts should also be updated to match the suggestion in the Debian Python packaging guide:

#!/usr/bin/env python

should be

#!/usr/bin/python

[lukpueh]

Discussion about python packaging tooling

Should the apt package build on Python packaging tools, i.e. should we provide a setup.py?
The ultimate goal is to install the single intoto.py script as an executable in /usr/lib/apt/methods/intoto (plus dependency libraries and metadata and configuration).

Without setup.py
IMHO, the easiest way would be to implement this in a debian installation make file or so, e.g. something like

install requirements
copy intoto.py to /usr/lib/apt/methods/intoto
copy config files and in-toto metadata to the desired places

With setup.py
Or we define parts of that logic in setup.py, using install_requires (for dependencies), entry_points.console_scripts (for the executable) and data_files (for in-toto metadata and config files).

The second approach seems "cleaner" and we could for instance re-organize intoto.py so that it is not a single file. However, I did not find a straight forward way to install a Python executable to a custom location. I tried several ways:

1. Treat the executable as data_file to copy it to /usr/lib/apt/methods/intoto
   Problem: Can't rename files, hence we'd have to store intoto.py as intoto (and seems hackish).
2. Use command line option --install-scripts=/usr/bin/apt/methods (see Custom Installation)
   Problem: I didn't find a way to add that option in setup.py's setup call. You could use script_args but that overrides all command line arguments passed to setup.py, which seems risky.
3. Create post-install hooks for setup.py commands using cmdclass
   Problem: We'd have to override a specific setup.py command, but it's unclear to me which one.

Maybe this is a no-problem and we should just let debian's package manager client take care of this. However, I'm curious what other Python developers think (@SantiagoTorres, @awwad, @aaaaalbert).

[lukpueh]

Just talked to a Python packaging expert who reassured me that it's not worth/useful to use Python packaging tooling for this, as this is a Debian-only package anyway. Thanks for you 2 cents, @pradyunsg!