Option to run in "learning mode" and register checksums for unsigned artifacts #10
Description
A lot of old Maven dependencies are missing signatures in Central. Unfortunately, a lot of projects depends on those. But hopefully there are a limit number of old artifacts and in that case as those wont change we could try to discover all of them and have them already included in the trust map.
In order to find those artifacts and record their checksums, a "learning mode" could be introduced in which artifacts without signatures are not refused but instead will have the digests recorded/outputted.
Then we could run builds on a large number of available open source projects to have as many of those old artifact checkums as possible registered.