Attack via OTA update server

[Moritzw]

Setup OTA update webserver (with a security issue)

• webserver will be abused and a manipulated binary will be uploaded
• secure boot denies an update of a binary with a wrong signature and sends an error / alarm message to openhab

[leonPreus]

• fixed http 400 error and got OTA Update to work(7934fe8)
• updated wiki on how to enable OTA on the ESP
• ESP only updates if newer version is available defined by APP_VERSION_CODE. (b091abe)
• updated wiki on how to enable soft secure boot(signed app images) on the ESP

at this point, ota update works and "secure boot" is enabled, now we need a nice demonstration. plan is to have the ESP send its error messages to the PI over another mqtt channel. In case an unsigned image gets pushed the openHab UI displays it

[leonPreus]

ESP now sends ota errors back to Pi via an mqtt topic (9166741)
The name of the topic is "ota". add it as another channel to the mqtt broker in the openhab interface and the openhab log viewer should should read something like 2021-01-15 13:53:14.856 [INFO ] [openhab.event.ChannelTriggeredEvent ] - mqtt:broker:11406479cf:otaErrors triggered 9 when OTA update fails because of secure boot