Add operator for SigningConfig services, log and TSA roots (#634)

When verifying a log entry or timestamp with a threshold, clients should
verify that log proofs or signed timestamps are from distinct operators,
not just distinct deployments. For example, if an operator deploys
multiple log services, either due to multiple versions or just
redundancy, multiple valid proofs in verification material should be
treated as a single valid proof for the threshold.

Since verification will require distinct operators, we also need to
include operators for the signing config, so that when multiple services
are picked, the client will only select distinct services so that
verification will succeed.

Signed-off-by: Hayden B <[email protected]>
Co-authored-by: Hayden B <[email protected]>

Author: haydentherapper