We want some cluster-version operators trying to use the OTA-909 API to retrieve signatures from an update service. We probably don't want all connected clusters doing that frequently, to avoid excessive, inefficient load on Red-Hat-hosted Cincinnati when the canonical signature sources are reachable. Possible approaches include:

a. Using the existing spec.upstream knob to find an update service domain, and hard-coding the OTA-909 path prefix to find a base-path for signature requests.
b. Adding a new, optional spec property like signatureStores where admins can declare additional stores, and then folding that into the built-in stores.

We could probably make (a) work most of the time, and it's less mental overhead for admins setting spec. But it is implicit magic, and (b) makes it an explicit knob. It's currently a wash for me personally, but talking among the team 2023-02-27, (b) seems like the direction we're currently leaning towards. This ticket is about designing the spec pivot, and landing that change in openshift/api.

Definition of Done:

Merge an enhancement, and add the required API change of the ClusterVersion.