CCA: Get the evidence from EAR (EAT Attestation Result)
CCA validation by Veraison has some overlap with the RVPS;
similar validation has already been done by Veraison.
So the validation of evidence in CoCo is not needed in theory.

The parsing of the CCA token here is to align with other verifiers,
e.g. TDX, and to support RVPS if that is the case in future planning.

NOTE that each of the values we get from the EAR is a base64-encoded hex value.
So the reference values that are registered for RVPS are expected to
be base64-encoded hex values as well.

[1] https://datatracker.ietf.org/doc/draft-ietf-rats-ar4si/

Signed-off-by: Dave Chen <[email protected]>
chendave committed Dec 4, 2023
1 parent bd1fbdf commit f6693d8
Showing 4 changed files with 152 additions and 241 deletions.
117 changes: 27 additions & 90 deletions Cargo.lock

5 changes: 2 additions & 3 deletions attestation-service/verifier/Cargo.toml
Expand Up @@ -11,7 +11,7 @@ sgx-verifier = [ "scroll", "sgx-dcap-quoteverify-rs" ]
az-snp-vtpm-verifier = [ "az-snp-vtpm", "sev", "snp-verifier" ]
snp-verifier = [ "asn1-rs", "openssl", "sev", "x509-parser" ]
csv-verifier = [ "openssl", "csv-rs", "codicon" ]
cca-verifier = [ "cbor-diag", "veraison-apiclient" ]
cca-verifier = [ "ear", "veraison-apiclient" ]

[dependencies]
anyhow.workspace = true
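Review bot: the `cca-verifier` feature line now pulls in `ear`, but the encoding contract that comes with it is only stated in the commit message (values read from the EAR are base64-encoded hex, and RVPS reference values must be registered in the same form). A short comment above `cca-verifier = [ "ear", "veraison-apiclient" ]`, or a note in the verifier documentation, would keep that requirement visible to whoever registers reference values later; a mismatch in encoding would otherwise show up only as a failed comparison at verification time.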
Expand All @@ -21,7 +21,6 @@ az-snp-vtpm = { version = "0.4", default-features = false, features = ["verifier
base64 = "0.21"
bincode = "1.3.3"
byteorder = "1"
cbor-diag = { version = "0.1.11", optional = true }
cfg-if = "1.0.0"
codicon = { version = "3.0", optional = true }
# TODO: change it to "0.1", once released.
Expand All @@ -40,7 +39,7 @@ sev = { version = "1.2.0", features = ["openssl", "snp"], optional = true }
sgx-dcap-quoteverify-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.16", optional = true }
strum.workspace = true
veraison-apiclient = { git = "https://github.com/chendave/rust-apiclient", branch = "token", optional = true }
ear = { git = "https://github.com/veraison/rust-ear", rev = "cc6ea53" }
ear = { git = "https://github.com/veraison/rust-ear", rev = "cc6ea53", optional = true }
x509-parser = { version = "0.14.0", optional = true }

[build-dependencies]
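Review bot: on the `ear` line, adding `optional = true` means the crate is compiled only when `cca-verifier` is enabled, so any use of `ear` outside a `#[cfg(feature = "cca-verifier")]` gate will stop building in other feature combinations. It was an unconditional dependency before this change, so a build with `--no-default-features` plus each verifier feature in turn is worth running. Also in this hunk, `ear` is pinned to the abbreviated rev `cc6ea53` while the neighbouring `veraison-apiclient` line tracks `branch = "token"`, a reference that can move; pinning both to full commit hashes would keep the dependencies on the CCA attestation path reproducible and reviewable.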