_internal/trust: Fix bug in rekor key lookup

Rekor keyring can (and in future will) have multiple keys:
logs not only get sharded but once rekor-tiles is integrated in the
public good instance, there will be two writable logs for a while.

As far as I can tell all calling code is already capable of handling
the keyring.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>

Author: jku

sigstore/_internal/trust.py

@@ -382,8 +382,8 @@ def rekor_keyring(self, purpose: KeyringPurpose) -> RekorKeyring:
         """Return keyring with keys for Rekor."""
 
         keys: list[_PublicKey] = list(self._get_tlog_keys(self._inner.tlogs, purpose))
-        if len(keys) != 1:
-            raise MetadataError("Did not find one Rekor key in trusted root")
+        if len(keys) == 0:
+            raise MetadataError("Did not find any Rekor keys in trusted root")
         return RekorKeyring(Keyring(keys))
 
     def ct_keyring(self, purpose: KeyringPurpose) -> CTKeyring: