This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

Clarify roles and keys #26

Open
lukpueh opened this issue Sep 13, 2017 · 3 comments
Comments

@lukpueh
Member

lukpueh commented Sep 13, 2017

Currently we ask the users to add functionaries and their keys after having defined steps and inspections. Subsequently, users must authorize the newly created functionaries for each defined step (cf. #19).
And eventually, on the wrap-up page, the user is instructed to generate a project owner key to sign the layout, and we provide different command snippets for each functionary, listing only the steps the respective functionary was authorized for.

We should do a better job at explaining the project owner and functionary roles and why it is beneficial to use different keys and thresholds for certain steps.

Furthermore, we implicitly assume that each role is associated with a physical person, which makes it all the more confusing for 1-person software supply chains.
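To make the role distinction concrete, here is an added example (not code from the layout-web-tool or the in-toto library) that models the three things the issue says need explaining: the project owner key signs the layout and nothing else, functionary keys are authorized per step, and a step's threshold is the number of distinct authorized functionaries that must sign its link metadata. The layout dict mirrors the shape of an in-toto layout (`keys`, `steps`, `pubkeys`, `threshold`), but the key ids are constructed, signatures are represented only by the key id that produced them (assumed already verified), and the `in-toto-run` flags in the snippet generator are an assumption about the CLI. Roles are attached to keys, not to people, so a one-person supply chain simply holds both the owner key and a functionary key.

```python
"""Toy model of in-toto layout roles and per-step signature thresholds.

Added example; not from the layout-web-tool or in-toto. Key ids and
signatures are constructed stand-ins: a "signature" is just the key id
that produced it, assumed to have been cryptographically verified already.
"""

# Constructed key ids (real layouts use a hash of the public key).
OWNER_KEY = "owner-key-0001"   # project owner: signs the layout only
ALICE_KEY = "alice-key-0002"   # functionary
BOB_KEY = "bob-key-0003"       # functionary

LAYOUT = {
    "_type": "layout",
    # Functionary public keys referenced by steps. The owner key is
    # deliberately absent: it authorizes the layout, not any step.
    "keys": {ALICE_KEY: {"keyid": ALICE_KEY}, BOB_KEY: {"keyid": BOB_KEY}},
    "steps": [
        {"name": "clone", "pubkeys": [ALICE_KEY], "threshold": 1},
        {"name": "build", "pubkeys": [ALICE_KEY, BOB_KEY], "threshold": 1},
        # Two distinct functionaries must sign the packaging step.
        {"name": "package", "pubkeys": [ALICE_KEY, BOB_KEY], "threshold": 2},
    ],
}


def validate_layout(layout):
    """Return human-readable problems with the role/key assignments."""
    problems = []
    known = set(layout["keys"])
    for step in layout["steps"]:
        unknown = [k for k in step["pubkeys"] if k not in known]
        if unknown:
            problems.append(f"step {step['name']}: unknown keyid(s) {unknown}")
        distinct = len(set(step["pubkeys"]))
        if step["threshold"] < 1:
            problems.append(f"step {step['name']}: threshold must be >= 1")
        elif step["threshold"] > distinct:
            problems.append(
                f"step {step['name']}: threshold {step['threshold']} can never "
                f"be met with {distinct} authorized key(s)")
    return problems


def steps_for_functionary(layout, keyid):
    """Step names a given functionary key is authorized for."""
    return [s["name"] for s in layout["steps"] if keyid in s["pubkeys"]]


def functionary_snippet(layout, keyid):
    """Per-functionary command lines listing only their authorized steps.
    The flag names are an assumption about the in-toto-run CLI."""
    return [f"in-toto-run --step-name {name} --key {keyid} -- <command>"
            for name in steps_for_functionary(layout, keyid)]


def check_thresholds(layout, links):
    """links maps step name -> list of key ids whose (already verified)
    signatures are on that step's link metadata. Counts only distinct,
    authorized keys toward the threshold; anything else is reported as
    ignored rather than silently accepted."""
    results = {}
    for step in layout["steps"]:
        signers = set(links.get(step["name"], []))
        authorized = signers & set(step["pubkeys"])
        results[step["name"]] = {
            "ok": len(authorized) >= step["threshold"],
            "authorized": sorted(authorized),
            "ignored": sorted(signers - set(step["pubkeys"])),
            "threshold": step["threshold"],
        }
    return results


# Constructed link metadata signatures for a verification run.
LINKS = {
    "clone": [ALICE_KEY],
    "build": [BOB_KEY, OWNER_KEY],      # owner key does not count for a step
    "package": [ALICE_KEY, ALICE_KEY],  # one functionary twice is still one
}

if __name__ == "__main__":
    print("layout problems:", validate_layout(LAYOUT))
    for key in (ALICE_KEY, BOB_KEY, OWNER_KEY):
        print(key, "->", functionary_snippet(LAYOUT, key))
    for name, result in check_thresholds(LAYOUT, LINKS).items():
        print(name, result)
```

Running it shows why the roles and thresholds matter: `build` passes because Bob is authorized even though the owner key's signature is ignored, while `package` fails because Alice signing twice is still one distinct functionary against a threshold of two.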

@lukpueh
Member Author

lukpueh commented Sep 13, 2017

One suggestion was to have the user create project owner and functionary keys all at once.

@lukpueh
Member Author

lukpueh commented Sep 15, 2017

@vladimir-v-diaz suggested being more explicit about what types of keys are supported for functionaries (#14 (comment)).

Also see secure-systems-lab/securesystemslib#55 for supported key formats.

@lukpueh
Member Author

lukpueh commented Sep 15, 2017

@vladimir-v-diaz also noted that the "authorizing functionaries" page does not make any sense if the user hasn't uploaded any keys before (and he is right). #14 (comment)
