Plugin signature support

[calebhailey]

We should sign our plugin to be compatible with Grafana's plugin signature verification:

Plugin signature verification (signing) is a security measure to make sure plugins haven’t been tampered with. Upon loading, Grafana checks to see if a plugin is signed or unsigned when inspecting and verifying its digital signature.

At startup, Grafana verifies the signatures of every plugin in the plugin directory. If a plugin is unsigned, then Grafana does not load nor start it. To see the result of this verification for each plugin, navigate to Configuration -> Plugins.

Grafana also writes an error message to the server log:

WARN[05-26|12:00:00] Some plugin scanning errors were found   errors="plugin '<plugin id>' is unsigned, plugin '<plugin id>' has an invalid signature"

See the Grafana plugin signing developer documentation for more information.

[pazarr]

To help if someone facing problem loading sensu datasource plugin into grafana

For docker, specifiy a variable as below
GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS=sensu-sensugo-datasource

or if you have binary installed edit grafana.ini

[plugins]
allow_loading_unsigned_plugins = "sensu-sensugo-datasource"