Policy: add verification support for remote context builds #3642
Description
Policy currently only works on builds from local sources. Should work also for builds from Git repositories and HTTP URLs.
Filename in —policy should still probably point to local files to make sure override can be done by the caller. Sometimes it may be needed to set a custom filename from the repository, though, and maybe sometimes it would be nice to add a custom repository from a shared source. @crazy-max and ideas for syntax?
Imports of helpers and load_json should work in the same context where the policy is loaded from.