Disable certain APIs and build triggers when trust is enabled

Since trust will break if Quay makes changes, disable all Quay tag-change APIs and build APIs+webhooks when trust is enabled on a repository. Once we get Quay signing things itself, we can revisit this.

endpoints/api/repository.py

@@ -11,12 +11,13 @@ from flask import request, abort
 
 from app import dockerfile_build_queue, tuf_metadata_api
 from data import model, oci_model
-from endpoints.api import (truthy_bool, format_date, nickname, log_action, validate_json_request,
+from endpoints.api import (format_date, nickname, log_action, validate_json_request,
                            require_repo_read, require_repo_write, require_repo_admin,
-                           RepositoryParamResource, resource, query_param, parse_args, ApiResource,
-                           request_error, require_scope, path_param, page_support, parse_args,
-                           query_param, truthy_bool, disallow_for_app_repositories, show_if)
-from endpoints.exception import Unauthorized, NotFound, InvalidRequest, ExceedsLicenseException, DownstreamIssue
+                           RepositoryParamResource, resource, parse_args, ApiResource,
+                           request_error, require_scope, path_param, page_support,
+                           query_param, truthy_bool, show_if)
+from endpoints.exception import (Unauthorized, NotFound, InvalidRequest, ExceedsLicenseException,
+                                 DownstreamIssue)
 from endpoints.api.billing import lookup_allowed_private_repos, get_namespace_plan
 from endpoints.api.subscribe import check_repository_usage
 
@@ -502,7 +503,7 @@ class RepositoryTrust(RepositoryParamResource):
 
     values = request.get_json()
     model.repository.set_trust(repo, values['trust_enabled'])
-    
+
     log_action('change_repo_trust', namespace,
                {'repo': repository, 'namespace': namespace, 'trust_enabled': values['trust_enabled']},
                repo=repo)