We would like to support dual signature verification for the transition to ROM_EXT and owner firmware. This means the image manifest needs to support two signatures, one for traditional and one for PCQ.
Both signatures must be valid to execute the next stage. We want hybrid signature support to mitigate the potential risk associated with finding a fatal flaw in newer PCQ signature schemes.
This hybrid requirement applies to any place we use a PCQ key. As of this writing, the following places need this support:
- [x] In ROM when verifying next ROM_EXT stage
- [ ] In ROM_EXT when verifying next Owner Firmware stage
- [ ] In ROM_EXT when verifying owner management commands (e.g. owner unlock)
The Owner key and all derived keys (e.g. unlock key) need to be dual traditional and PCQ keys.
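The "both signatures must be valid" rule, as an added example that is not part of the original issue or the project's code. Assumptions: the manifest is a dict with hypothetical `traditional` and `pq` slots, unpadded RSA over constructed toy primes stands in for the traditional scheme, and a Lamport one-time hash-based signature stands in for the PCQ scheme, since the issue names neither.

```python
import hashlib
import secrets

# Constructed toy key for the traditional slot: unpadded RSA over two Mersenne
# primes. Illustration only, not a secure parameter choice.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def sha256(data):
    return hashlib.sha256(data).digest()

def rsa_sign(digest):
    return pow(int.from_bytes(digest, "big"), D, N)

def rsa_verify(digest, sig):
    return isinstance(sig, int) and pow(sig, E, N) == int.from_bytes(digest, "big")

def digest_bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    # One secret pair per digest bit; the public key is the hash of each secret.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, digest):
    # Reveal the secret matching each digest bit (a key must sign only once).
    return [sk[i][bit] for i, bit in enumerate(digest_bits(digest))]

def lamport_verify(pk, digest, sig):
    if not isinstance(sig, list) or len(sig) != 256:
        return False
    bits = digest_bits(digest)
    return all(sha256(sig[i]) == pk[i][bits[i]] for i in range(256))

def hybrid_verify(image, manifest, pq_pk):
    """True only if BOTH manifest signatures verify over the same image digest."""
    digest = sha256(image)
    sig_trad, sig_pq = manifest.get("traditional"), manifest.get("pq")
    if sig_trad is None or sig_pq is None:
        return False  # fail closed: a missing slot must not downgrade to one scheme
    ok_trad = rsa_verify(digest, sig_trad)
    ok_pq = lamport_verify(pq_pk, digest, sig_pq)  # evaluated regardless of ok_trad
    return ok_trad and ok_pq
```

Because both checks run over one digest of the image, a signature that is valid under only one scheme, or valid for a different image, never unlocks the next stage.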