[bazel,rom_ext,manuf] develop reference non-mutable ROM_EXT code section and tooling support

[timothytrippel]

23425 added a feature to the Earlgrey PROD ROM to support execution of a non-mutable ROM_EXT code section in the ROM before handing execution over to the ROM_EXT itself. To enable using this feature, we should develop:

1. a reference implementation of the most common use case for this feature (namely to perform UDS and CDI_0 key and certificate generation), and
2. Bazel build rules to enable building this code section as a separate CC binary and embedding it directly in the ROM_EXT binary
3. Bazel tooling to enable building an individualization binary with the proper code of hash of the expected non-mutable ROM_EXT to be deployed in a device's transport image

[sasdf]

Tasks for imm_rom_ext main logics

• [ ] Move CreatorRoot DICE logic to common lib.
  • [ ] Refactor rom_ext.c to decouple silicon/creator functions from the global variables.
  • [ ] Move the functions to silicon_creator/lib/cert.
  • [ ] Call imm_rom_ext main at the beginning of mutable rom_ext when the immutable section is not enabled.
  • [ ] Generate silicon/creator cert at immutable rom_ext main function.
• [ ] Reconfigure ePMP entries.
  • [ ] Add imm_rom_ext ePMP reconfiguration fallback when the immutable section is not enabled.
  • [ ] Update mutable rom_ext ePMP reconfiguration to align with the new settings.
  • [ ] Add new imm_rom_ext ePMP reconfiguration when the immutable section is enabled.