Remove JSON Requirement from the spec

[mnm678]

In order to address concerns with canonical JSON (including #92) and to allow for more flexibility in the specification to make features like TAP 11 more useful, I propose we remove the canonical JSON requirement from the standard. This means removing the section:

All documents use a subset of the JSON object format, with floating-point numbers omitted. When calculating the digest of an object, we use the "canonical JSON" subdialect as described at http://wiki.laptop.org/go/Canonical_JSON

In addition, we will likely have to do a pass over the document for consistency.

Note that this change does not affect any existing implementations. Canonical JSON will still be a valid choice, but future implementations may chose to use a different canonical json dialect or an entirely different metadata format while still following the TUF specification.

We can probably leave the examples in the spec as is, but make it clear that implementers may chose to use a different metadata format and still have a valid TUF implementation.

[joshuagl]

Thanks for filing this @mnm678. We could adopt a similar approach to in-toto, whose spec makes it clear that there's no recommended format for the documents but that Canonical JSON is used in the specification to provide readable examples.

To provide descriptive examples, we will adopt "canonical JSON," as described in http://wiki.laptop.org/go/Canonical_JSON, as the data format. However, applications that desire to implement in-toto are not required to use JSON. Discussion about the intended data format for in-toto can be found in the in-toto website.

[joshuagl]

Note that the TUF website will need to be updated to reflect this change too, i.e. https://theupdateframework.io/metadata/

All TUF metadata uses a subset of the JSON object format. When calculating the digest of an object, we use the Canonical JSON format.

[mnm678]

Resolved in #102 and theupdateframework/theupdateframework.io#8