COSE signatures and verification in CCF

[maxtropets]

COSE signatures for Merkle root must be stored for each signature transactions.

Raw signature must be kept too, so existing tooling keeps working for new transactions.

### Tasks
- [x] New schema
- [x] Sign and store in the new tables
- [x] Pass key info to protected headers
- [x] COSE signature verification during [replication](https://github.com/microsoft/CCF/blob/main/src/node/history.h#L701)
- [x] COSE signature verification during recovery (turns out to be the same code as for replication)
- [x] COSE signature in Python package
- [x] Perf measurements

[maxtropets]

Verification-wise (as discussed with @achamayou), at this stage we target

• signature check during state replication (here)
• recovery (signature check only)
• python package signature verification

We deliberately putting off in this PR

• snapshot verification when joining the network
• snapshot verification during recovery