Track signed versions of definitions #12

Open
matejcik opened this issue Apr 27, 2023 · 1 comment
@matejcik

we now have do_sign.sh that can add a signature to the current version of definitions-latest.

we want to be able to:

  • auto-refresh definitions-latest in a nightly (or weekly) CI job and commit the results, and at the same time
  • keep track of most recent signed version of definitions-latest, i.e., the one that has a signature matching its Merkle root
    • we might create a signed branch pointing to the appropriate commit made by do_sign?
    • (doing it the other way around and doing everything in develop while keeping the signed versions in main is an option, but arguably more confusing; with a separate signed branch, we can do unrelated development in main and only fast-forward signed when appropriate)

to resolve this issue, the above must be figured out, documented in readme (#11), and scripts must be ready to run from CI that:

  1. do the nightly job of refreshing definitions-latest (and clear the signature), and deploy binaries to firmware.corp.sldev.cz
  2. when signed branch changes, deploy binaries to data.trezor.io
@matejcik

detailed steps:

we need an automated job that does the following every time the signed branch is pushed:

  1. checkout the latest state
  2. set up poetry env: poetry install
  3. execute poetry run python cli.py sign
    • this generates definitions-latest directory, or specify -o outdir to put it somewhere else
  4. upload the contents of definitions-latest to data.trezor.io/firmware/eth-definitions
  5. tar up the contents of definitions-latest to definitions.tar.xz and upload that to the same URL
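
The five steps above as a fail-closed deploy script. This is an added example, not part of the issue or the project's own scripts. It assumes the remote is named `origin`, and the `upload` hook with its `UPLOAD_CMD` variable is hypothetical, because the issue does not say how files are transferred to data.trezor.io.

```sh
#!/bin/sh
# Added example: deploy job for the signed branch, following steps 1-5 above.
set -eu

OUTDIR="${OUTDIR:-definitions-latest}"      # default output directory (step 3)
TARBALL="${TARBALL:-definitions.tar.xz}"    # archive name (step 5)

# Steps 2-3: set up the poetry env, then generate the definitions into $1.
build_definitions() {
    poetry install
    poetry run python cli.py sign -o "$1"
}

# Step 5: archive the directory contents; refuse a missing or empty build.
package_definitions() {
    if [ ! -d "$1" ] || [ -z "$(ls -A "$1")" ]; then
        echo "refusing to deploy: $1 is missing or empty" >&2
        return 1
    fi
    tar -cJf "$2" -C "$1" .
    tar -tJf "$2" >/dev/null                # archive must read back cleanly
}

# Steps 4-5: HYPOTHETICAL hook. The issue does not say how files reach
# data.trezor.io, so UPLOAD_CMD is supplied by the CI environment.
upload() {
    : "${UPLOAD_CMD:?set UPLOAD_CMD to the upload command}"
    "$UPLOAD_CMD" "$@"
}

main() {
    # Step 1 guard: deploy only the commit the signed branch points to
    # (remote name "origin" is an assumption).
    git fetch origin signed
    if [ "$(git rev-parse HEAD)" != "$(git rev-parse origin/signed)" ]; then
        echo "HEAD is not origin/signed, not deploying" >&2
        exit 1
    fi
    build_definitions "$OUTDIR"
    package_definitions "$OUTDIR" "$TARBALL"
    upload "$OUTDIR" "$TARBALL"
}

if [ "${1:-}" = "--deploy" ]; then main; fi
```

The archive is written outside the directory it packs, so it never includes itself, and nothing runs unless the script is invoked with `--deploy`.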
