Handle public good SigningConfig once it's available

[jku]

#1363 Starts using a SigningConfig to configure signing in every case.

Public good staging instance already serves a SigningConfig file but production instance does not: there is a hardcoded workaround in ClientTrustConfig.from_tuf() handling this specific case.

The code should just keep working correctly when SigningConfig is addded into public good production, but it makes sense to remove the workaround at that point.

When production TUF repo serves a signing_config.v0.2.json, we should:

• Update the Makefile update-embedded-root target so that it also copies signing_config.v0.2.json
• run make update-embedded-root
• remove the hardcoded exception handling in ClientTrustConfig.from_tuf()

[jku]

This is only lacking the workaround removal I believe

[jku]

This is only lacking the workaround removal I believe

actually William handled this in 204e0f4.