COSE Receipts

[achamayou]

Switch to COSE receipts, embedded in unprotected headers of signed statement, as per:

• https://datatracker.ietf.org/doc/draft-ietf-cose-merkle-tree-proofs/
• https://datatracker.ietf.org/doc/draft-birkholz-cose-receipts-ccf-profile/
• https://datatracker.ietf.org/doc/draft-ietf-scitt-architecture/

Also see consolidated (receipt) schema: https://github.com/microsoft/CCF/blob/main/cddl/ccf-receipt.cddl

I have had to disable a few testcases with mark.skip, for which I need to investigate possible solutions. All the common paths now work with current-draft-compliant receipts and statements. There is also work to do in future PRs before this can PR to main, including :

• Update Client API/naming to current SCITT
• Update TrustStore to map kid -> key
• Update the CLI

[achamayou]

Draft verification logic: https://github.com/microsoft/CCF/pull/6603