Planner to verify the RoT artifacts and choose correct one for environment

[karencfv]

As part of the work to get MGS driven updates incorporated into the planner, we came across a roadbump. Previously, wicket created a RawHubrisArchive from each artifact to verify the CMPA and CFPA pages against. In the planner, this step isn't as straightforward because we don't have access to the artifacts, but rather just the metadata. The TUF metadata does not contain any of this information from the RoT artifacts.

To get to a point where we have the information available to the planner we'll need the following work:

• Retrieve the Root Key Table Hash (RKTH) from the RoT artifacts before Nexus re-packages the TUF repo's RoT artifacts. Should be done as a new lpc55_sign routine.
• Then we can store those hashes somewhere, perhaps the artifact metadata (TufArtifactMeta)? Will need input from @iliana on such kind-specific metadata.
• Have the planner verify the RKTH against the CMPA/CFPA found in inventory as part of [reconfigurator] RoT planner support #8421.