Client attestation #1
Description
Mutual attestation should be possible - that is, clients running in a CVM should be able to provide a TLS certificate and attestations and have the server verify them.
This means really the only distinction between client and server is that the client is the one who initiates the connection.
In some cases we may also want client TLS authentication but not client attestation - where we want to authenticate a particular client who is not running in a CVM.
But i am not sure whether it makes sense to allow any combination of client / server TLS auth and/or attestation.