Consider deleting code in trust_policy.go
The internal type policy
seems redudant and mainly results in code duplication. The explicit copying in NewPolicy
also seems redundant as are there are neither pointers nor slices. The ErrInvalidPolicy could probably be deleted as well -- it is never used outside of the policy package. I have no strong opinions on keeping the validate loop construct, but it would likely be easier to read a single validate function with the same basic tests (two if statements).