Define experience for notation sign command

[gokarnm]

Things to consider

• Should we use a default key or need the user to explicitly specify the key
• Does signing automatically push signature to repo? Which repo?
• How does one filter out private signatures from being automatically pushed to public repos?
• Make params like --trust more intuitive.

Related to #78 #88

[dtzar]

Spec needs to be finalized to start on this.

[dtzar]

Per some feedback, I'd like to see something implemented such as a --dry-run switch on notation sign which returns back information about what is going to be signed. This way someone can make sure they are going to be signing the right artifact.