Examples: ship bootstrap root.jsons for well-known repositories

[jku]

In #2193 the client example gains Trust-On-First-Use (TOFU) functionality and support for arbitrary repositories. This is very useful for testing but has two issues:

• we should also be an example of not using TOFU (and shipping the bootstrap root metadata) whenever possible
• some known repositories have old root metadata that the client is incompatible with: This breaks the TOFU approach. We could workaround this issue by shipping a newer root metadata as bootstrap

So:

• client example could ship with root.json files for known repositories like https://github.com/jku/tuf-demo, sigstore, bottlerocket, the manual repo in python-tuf sources, etc
• these should be "hidden" a bit so that they don't confuse someone who is just looking for example code
• client should automatically use these bootstrap roots: the initial implementation could be just if cache for {REPO} does not have root.json and bootstrap root.json for {REPO} exists, then copy bootstrap root.json to cache
• the obvious next step is Updater feature request: verify chain of trust from bootstrapped root metadata #1168 , which is a ngclient feature that would make the example even simpler and safer

[JustinCappos]

I'm supportive of this in general. What you propose seems quite simple to implement and deploy