DocumentGenerator: Don't include payload in DeviceSigned COSE_Sign1.

[davidz25]

ISO/IEC 18013-5:2021 clause 9.1.3.4 specifically said to not do that. This bug was introduced in PR #482 when switching to the new CBOR and COSE libraries. Fix this.

Also add a new check to Cose.coseSign1Check() for this. This check will trigger a unit-test failure if the fix mentioned in the previous paragraph isn't applied.

Test: New test and all unit tests pass.

Fixes #

It's a good idea to open an issue first for discussion.

• [ ] Tests pass
• [ ] Appropriate changes to README are included in PR

[davidz25]

Credit goes to @ryanhargrove for finding this bug.