release_v20260428_0

@ternst-nv tagged this 27 Apr 20:31
* Add test to verify PersistentData is zeroed after FIPS shutdown

Add ModelEmulated::dccm_read() to allow tests to inspect DCCM contents
directly, and add test_fips_shutdown_zeroizes_persistent_data which
issues a SHUTDOWN command and then verifies every byte of the
PersistentData region (38 KB at 0x50000400) is zero.

* Replace #[derive(Zeroize)] with ZeroizeWithByteScrub trait for large structs

Introduce a ZeroizeWithByteScrub trait in caliptra-image-types with
FromZeros + IntoBytes bounds. The single unsafe block lives in the
trait's default method, with safety guaranteed by the trait bounds:
IntoBytes ensures contiguous layout with no padding, FromZeros ensures
all-zeros is a valid bit pattern. The resulting byte slice is passed to
[u8]::zeroize() which uses volatile writes to prevent dead-store
elimination.

Replace derived Zeroize with this trait for PersistentData,
ExportedCdiEntry, ExportedCdiHandles, ImageManifest, ImageTocEntry,
and AuthManifestImageMetadataCollection.

To enable FromZeros on PersistentData, add FromZeros derives to its
transitive field types: KeyId, FirmwareHandoffTable, IdevIdCsr,
FmcAliasCsr, BoundedAddr, and DPE types Context, ContextState,
ContextType, DpeInstance (replacing TryFromBytes, which FromZeros
implies).

Saves 1,960 bytes of runtime .text.
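The byte-scrub pattern described in the second commit, as an added example that is not Caliptra's code: zerocopy's FromZeros/IntoBytes and zeroize's [u8]::zeroize() are replaced by local stand-in marker traits and a volatile write loop (an assumption, so the example builds with no dependencies), and PersistentDataLike is a constructed struct standing in for PersistentData.

```rust
use core::ptr::write_volatile;
use core::sync::atomic::{compiler_fence, Ordering};

/// Stand-in for zerocopy::IntoBytes: the implementor promises a contiguous
/// layout with no padding, so every byte of the value may be read or written.
pub unsafe trait IntoBytesLike: Sized {}
/// Stand-in for zerocopy::FromZeros: the implementor promises that the
/// all-zeros bit pattern is a valid value of the type.
pub unsafe trait FromZerosLike: Sized {}

/// Trait mirroring ZeroizeWithByteScrub: one unsafe block in the default
/// method, justified entirely by the two bounds above.
pub trait ZeroizeWithByteScrub: IntoBytesLike + FromZerosLike {
    fn zeroize_with_byte_scrub(&mut self) {
        // SAFETY: IntoBytesLike rules out padding bytes, so the whole object is
        // a plain [u8]; FromZerosLike makes the all-zero result a valid value.
        let bytes: &mut [u8] = unsafe {
            core::slice::from_raw_parts_mut(self as *mut Self as *mut u8, core::mem::size_of::<Self>())
        };
        for b in bytes.iter_mut() {
            // Volatile store in place of [u8]::zeroize(): the optimizer cannot
            // drop it as a dead store on a value that is never read again.
            unsafe { write_volatile(b as *mut u8, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

/// Constructed stand-in for PersistentData: repr(C), 56 bytes, no padding.
#[repr(C)]
pub struct PersistentDataLike { pub cdi: [u8; 48], pub counter: u32, pub flags: [u8; 4] }
unsafe impl IntoBytesLike for PersistentDataLike {}
unsafe impl FromZerosLike for PersistentDataLike {}
impl ZeroizeWithByteScrub for PersistentDataLike {}

/// Byte-level check in the spirit of the dccm_read() test: every byte zero.
pub fn all_bytes_zero<T: IntoBytesLike>(v: &T) -> bool {
    // SAFETY: IntoBytesLike guarantees the value is readable as plain bytes.
    let bytes = unsafe { core::slice::from_raw_parts(v as *const T as *const u8, core::mem::size_of::<T>()) };
    bytes.iter().all(|&b| b == 0)
}

/// Fill a value with non-zero data, scrub it, and report whether the scrub
/// cleared every byte.
pub fn scrub_and_verify() -> bool {
    let mut pd = PersistentDataLike { cdi: [0xA5; 48], counter: 0xDEAD_BEEF, flags: [1, 2, 3, 4] };
    let before = all_bytes_zero(&pd);
    pd.zeroize_with_byte_scrub();
    !before && all_bytes_zero(&pd) && pd.counter == 0
}
```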