Add forwarding support

[SteveLasker]

We've had a few conversations around key and even signature revocations.

While we'll need to support "key revocations" scenarios, the signature revocations scenarios were interesting whether a signature should just be capable of being deleted, or do we need a revocation for a specific signature or artifact.

As users adopt content flow across registries, including consuming public content, it's possible an inadvertent change that gets published gets quickly consumed. Is there a way to send out an update that says "oops", switch to this? Or, "yikes" you really want to switch to this...

1. A user becomes dependent upon a specific artifact: net-monitor:v1@sha256:aaa.
2. A new version becomes available. It's not required, it's not even a critical update. It's just pointer to a new version a client may want to opt-into.
3. The forwarding could have a severity property that could be used to

This capability may not be a Notary v2 capability. It may be a runtime capability.
Capturing here if it becomes interesting to unblock some of the revocation scenarios