eclipsesource / tabris-js

Create native mobile apps in JavaScript or TypeScript.
https://tabrisjs.com
BSD 3-Clause "New" or "Revised" License

Support generating ECDSA keys in a trusted execution environment #2281

Closed cpetrov closed 6 months ago

cpetrov commented 7 months ago

This adds support for generating ECDSA keys in a trusted execution environment (TEE) that can be used for signing and verification. Such keys are generated in the TEE and never leave it.

Because the keys are generated in the TEE, the keys themselves cannot be exported. Instead, a handle to the key is exported. The handle can be used to import the key and use it for signing and verification, but not to extract the key itself.

A new options parameter is added to crypto.subtle.generateKey(). It has two optional properties: inTee and usageRequiresAuth. inTee is a boolean that indicates whether the key should be generated in a TEE. usageRequiresAuth is also a boolean that indicates whether the key can only be used when the user has authenticated.

An example of how to generate and use a key in a TEE is added to the crypto-sign snippet. The snippet now contains two examples: one for generating and using keys in the normal way, and one for generating and using keys in a TEE. The crypto-sign snippets now also demonstrate exporting and importing keys.
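The property this description relies on, a private key that can sign but cannot be extracted, can be observed with the standard WebCrypto `extractable` flag. The following is an added example, not part of this pull request or of the Tabris.js code base: it runs under Node.js or a browser, uses no TEE, and does not use the `inTee` or `usageRequiresAuth` options. The function name and the message are constructed for illustration.

```javascript
// Added example: standard WebCrypto only. No TEE and no Tabris.js options are involved;
// the extractable flag is a software analogy for a key that can be used but not read out.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// Hypothetical helper name. Generates a P-256 ECDSA key pair whose private key is
// non-extractable, signs a message, and reports what can and cannot be exported.
async function nonExportableKeyDemo(text) {
  const { publicKey, privateKey } = await subtle.generateKey(
    { name: 'ECDSA', namedCurve: 'P-256' },
    false, // extractable = false applies to the private key
    ['sign', 'verify']
  );

  const alg = { name: 'ECDSA', hash: 'SHA-256' };
  const data = new TextEncoder().encode(text);
  const signature = await subtle.sign(alg, privateKey, data);

  // The signature verifies over the original bytes and fails over modified bytes.
  const verified = await subtle.verify(alg, publicKey, signature, data);
  const tampered = new TextEncoder().encode(text + '!');
  const tamperedVerified = await subtle.verify(alg, publicKey, signature, tampered);

  // Exporting the private key must be rejected; the key is still usable for signing.
  let privateExportBlocked = false;
  try {
    await subtle.exportKey('pkcs8', privateKey);
  } catch (err) {
    privateExportBlocked = true;
  }

  // The public key stays exportable so that other parties can verify signatures.
  const rawPublic = await subtle.exportKey('raw', publicKey);

  return {
    verified,
    tamperedVerified,
    privateExportBlocked,
    privateExtractable: privateKey.extractable,
    publicKeyBytes: rawPublic.byteLength,
  };
}

nonExportableKeyDemo('constructed sample message').then((r) => console.log(r));
```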