trust: TSA are not required in signing config

They will be if there are any rekor 2 instances, but currently
TSA is not strictly needed.

Signed-off-by: Jussi Kukkonen <[email protected]>

Author: jku

sigstore/_internal/trust.py

@@ -387,9 +387,7 @@ def get_tsa_urls(self) -> list[str]:
         but may return more in future.
         """
         url = self._get_valid_service_url(self._inner.tsa_urls)
-        if not url:
-            raise Error("No valid Timestamp Authority found in signing config")
-        return [url]
+        return [] if url is None else [url]
 
 
 class TrustedRoot: