We primarily think of members as being identified purely by their key, which is used for signing. Some endpoints still permit TLS auth with the member cert as client identity (`POST /gov/recovery_share`, `GET /gov/recovery_share`, and `POST /gov/ack/update_state_digest`).
To support these, our member cert authentication does not check expiry times (#5083), so it will permit expired member certs.
#5080 attempted to simplify this, removing the old endpoints and insisting on COSE signing. This was too aggressive a change to the API, and had too large a blast radius for an urgent CI fix, so has been reverted. We should revisit this, with deprecation of the old endpoints (redirecting to the new), and the goal of eventually dropping member cert-based auth entirely.
This was resolved as a side effect of #5137, with GETs no longer reliant on cert auth and using URL parameters only. Further changes are coming as part of the implementation of #5129, but this is done.