bootstrap-nonces.json - signed sidecar declaring valid bootstrap-token
nonces. Same trust class as fleet.resolved.json and revocations.json
(signed by ciReleaseKey).

Closes the replay-after-DB-wipe vector: CP refuses any /v1/enroll
whose token nonce is not in the signed allowlist. After a state.db
wipe, CP rebuilds replay protection from the signed artifact.
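
The gate described above, as an added sketch that is not this crate's own code. Assumptions: the `SignedAllowlist`, `StateDb` and `Enroll` types and the nonce values are hypothetical, signature verification of the artifact has already succeeded before the list is loaded, and the list re-signed after the wipe no longer contains the spent nonce.

```rust
use std::collections::HashSet;

// Nonces from bootstrap-nonces.json. Assumption: the file's signature was
// verified against ciReleaseKey before this value is built (not shown).
struct SignedAllowlist(HashSet<String>);

// Hypothetical stand-in for the replay state held in state.db.
#[derive(Default)]
struct StateDb {
    consumed: HashSet<String>,
}

#[derive(Debug, PartialEq)]
enum Enroll { Accepted, NotInAllowlist, AlreadyUsed }

// Gate for /v1/enroll: signed allowlist first, local replay state second.
fn enroll(allow: &SignedAllowlist, db: &mut StateDb, nonce: &str) -> Enroll {
    if !allow.0.contains(nonce) {
        return Enroll::NotInAllowlist;
    }
    if !db.consumed.insert(nonce.to_string()) {
        return Enroll::AlreadyUsed;
    }
    Enroll::Accepted
}

fn list(nonces: &[&str]) -> SignedAllowlist {
    SignedAllowlist(nonces.iter().map(|n| n.to_string()).collect())
}

// Constructed scenario with made-up nonces n-1 and n-2.
fn scenario() -> [Enroll; 4] {
    let mut db = StateDb::default();
    let before = list(&["n-1", "n-2"]);
    let first = enroll(&before, &mut db, "n-1");
    let replay = enroll(&before, &mut db, "n-1");
    db = StateDb::default(); // state.db wiped: consumed set is gone
    let after = list(&["n-2"]); // assumption: re-signed list drops the spent nonce
    let stale = enroll(&after, &mut db, "n-1");
    let fresh = enroll(&after, &mut db, "n-2");
    [first, replay, stale, fresh]
}

fn main() {
    println!("{:?}", scenario());
}
```

In this sketch the refusal of `n-1` after the wipe comes entirely from the signed list, since the local consumed set is empty at that point.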