
WIP: Add support for hex/PEM encoded ECDSA keys #372

Closed
wants to merge 5 commits into from

@asraa asraa commented Sep 9, 2022

Summary

  • This PR updates the code to create hex AND PEM encoded ECDSA keys for the HSM keys
  • Updates all online keys to be formatted with PEM. These do not need to be "rotated" like the root keys.
  • Verification will output both key IDs corresponding to each HSM key.
  • Tests TODO.

Test it out!! When you run init to create a new root, the scripts will create 10 empty placeholder signatures, two for each keyholder corresponding to their "shadow" keys. The new root and targets roles consist of the PEM encoded keys.

Run the following if you check this PR out:

export LOCAL=1
export BRANCH=${THE_BRANCH_YOU_CHECKED_THIS_CODE_OUT}
export GITHUB_USER=${YOUR_GITHUB_USER}
export TEST_KEY=./tests/test_data/cosign.key
export TIMESTAMP_KEY=$TEST_KEY
export SNAPSHOT_KEY=$TEST_KEY
export REKOR_KEY=$TEST_KEY
export STAGING_KEY=$TEST_KEY
export REVOCATION_KEY=$TEST_KEY
export PREV_REPO=$(pwd)/ceremony/2022-07-12
./scripts/step-0.sh
./scripts/step-1.5.sh

And then run (swapping the date as needed)

cat ceremony/2022-09-09/staged/root.json | jq -r

The verify script doesn't handle branches well, so manually run, swapping REPO to ceremony/$DATE

go build -o verify ./cmd/verify
[ -f piv-attestation-ca.pem ] || curl -fsO https://developers.yubico.com/PIV/Introduction/piv-attestation-ca.pem
./verify keys --root piv-attestation-ca.pem --key-directory $REPO/keys

Release Note

Documentation

Signed-off-by: Asra Ali <asraa@google.com>
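The reason the verify script has to print two key IDs per HSM key is that a TUF key ID is a hash over the encoded key object, so the same ECDSA public key gets a different ID under the hex encoding (uncompressed SEC1 point) than under the PEM encoding (PKIX DER). The Go program below is an added illustration of that, not code from this PR or from the root-signing repository. It assumes the go-tuf key layout (`keytype`/`scheme` `ecdsa-sha2-nistp256`, `keyval.public`, `keyid_hash_algorithms`) and uses `encoding/json` with sorted map keys in place of go-tuf's canonical JSON, so the IDs are deterministic here but will not byte-match IDs the real tooling computes for PEM keys (canonical JSON leaves newlines unescaped). The `AcceptedBy` helper is hypothetical: it stands in for a verifier that trusts a root listing either ID.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"log"
)

// hexPublic is the older encoding: hex of the uncompressed SEC1 point (0x04 || X || Y).
func hexPublic(pub *ecdsa.PublicKey) string {
	return hex.EncodeToString(elliptic.Marshal(pub.Curve, pub.X, pub.Y))
}

// pemPublic is the newer encoding: PKIX DER (SubjectPublicKeyInfo) wrapped in a PEM block.
func pemPublic(pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})), nil
}

// keyID hashes the JSON-encoded key object with SHA-256 (assumed go-tuf layout;
// encoding/json sorts map keys, which stands in for canonical JSON in this example).
func keyID(public string) (string, error) {
	obj := map[string]any{
		"keytype":               "ecdsa-sha2-nistp256",
		"scheme":                "ecdsa-sha2-nistp256",
		"keyid_hash_algorithms": []string{"sha256", "sha512"},
		"keyval":                map[string]string{"public": public},
	}
	b, err := json.Marshal(obj)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}

// KeyIDs returns both IDs a single HSM public key carries: one for the hex
// encoding and one for the PEM encoding. Only the encoding differs; the
// underlying curve point is identical.
func KeyIDs(pub *ecdsa.PublicKey) (hexID, pemID string, err error) {
	hexID, err = keyID(hexPublic(pub))
	if err != nil {
		return "", "", err
	}
	p, err := pemPublic(pub)
	if err != nil {
		return "", "", err
	}
	pemID, err = keyID(p)
	return hexID, pemID, err
}

// AcceptedBy is a hypothetical verifier check: a signature is accepted when any
// of the key IDs it was produced under appears in the trusted root's key set.
func AcceptedBy(trusted map[string]struct{}, ids ...string) bool {
	for _, id := range ids {
		if _, ok := trusted[id]; ok {
			return true
		}
	}
	return false
}

func main() {
	// Constructed key for demonstration; a real ceremony key lives on the HSM.
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		log.Fatal(err)
	}
	hexID, pemID, err := KeyIDs(&priv.PublicKey)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("hex-encoded key ID:", hexID)
	fmt.Println("PEM-encoded key ID:", pemID)

	// A root that lists only the PEM key ID still accepts this key, because the
	// verifier sees both IDs for the same HSM key.
	trusted := map[string]struct{}{pemID: {}}
	fmt.Println("accepted:", AcceptedBy(trusted, hexID, pemID))
}
```

Run with `go run .`; the two printed IDs differ every time because the encodings differ, even though both describe the same key, which is exactly why a root migrating from hex to PEM keys has to carry both IDs through the transition.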
asraa commented Sep 9, 2022

Apologies. I will make this PR a LOT smaller for review. I just got excited.
