Support for PCR0 signing #639

Open

wants to merge 1 commit into base: main

Conversation

@zhanjh commented Aug 2, 2024

Issue #, if available:

Description of changes:

This PR is based on aws-nitro-enclaves-image-format/pull/30

  • Add subcommand measure-enclave to generate measurements without writing an output enclave image file
  • Add subcommand sign-pcr0 to sign PCR0 with a private key and write an output signature file
  • Change subcommand build-enclave to accept a signature.

For security reasons, the private key is usually kept in a separate environment, so it may not be possible to build an enclave with the private key in a single step of the build pipeline. Inspired by Digest Signing in oesign:

  1. In the build environment, generate the PCR0 of the enclave
  2. Send the PCR0 to the environment containing the private key for signing
  3. Back in the build environment, build the enclave with the certificate and the signature.

# 1. generate PCR0 (build environment; no EIF is written)
nitro-cli measure-enclave --docker-uri example:latest

# 2. sign PCR0 in another environment with the private key
#    (only the hex PCR0 from step 1 crosses over, not the image)
nitro-cli sign-pcr0 \
  --pcr0 "pcr0-hash-in-hex" \
  --private-key key.pem \
  --output-file pcr0.sig

# 3. build the enclave with the certificate and the signature (build environment)
nitro-cli build-enclave \
  --docker-uri example:latest \
  --signing-certificate certificate.pem \
  --signature pcr0.sig \
  --output-file example.signed.eif

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
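The three-step split-signing flow in the PR description, as an added stand-alone example in Go. This is not code from this PR, from nitro-cli or from the image-format crate: it models the build environment (measure, then verify-and-embed) and the key-holding environment (sign) as two separate components exchanging only a hex PCR0 and a signature. Assumptions: the key is ECDSA P-384 and the signature is a plain DER-encoded ECDSA signature over SHA-384 of the 48-byte register value (the EIF's real signature structure is not reproduced); `measure` is a PCR-style extend over constructed image bytes standing in for `measure-enclave`; `NewSigner`, `SignPcr0Hex`, `VerifyBeforeEmbed` and `Demo` are names chosen here. The point it adds beyond the description is the check at step 3: the builder verifies that the signature it received actually covers the PCR0 it sent, under the certificate's key, before passing it to `build-enclave`, and the signer refuses anything that is not a 48-byte hex value.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/hex"
	"errors"
	"fmt"
)

// Pcr0 is the 48-byte SHA-384 register value that measure-enclave prints
// and that sign-pcr0 consumes as hex.
type Pcr0 [48]byte

// measure is a stand-in for step 1 (measure-enclave): a PCR-style extend
// from an all-zero register over the SHA-384 of the image bytes. The real
// EIF measurement hashes the image sections and is not reproduced here.
func measure(image []byte) Pcr0 {
	var zero [48]byte
	content := sha512.Sum384(image)
	h := sha512.New384()
	h.Write(zero[:])
	h.Write(content[:])
	var pcr Pcr0
	copy(pcr[:], h.Sum(nil))
	return pcr
}

// Signer models the environment that holds the private key (step 2).
// It only ever receives the hex PCR0, never the image. P-384 is assumed.
type Signer struct{ key *ecdsa.PrivateKey }

func NewSigner() (*Signer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{key: key}, nil
}

// PublicKey stands in for the public key inside the signing certificate
// that the build environment later passes as --signing-certificate.
func (s *Signer) PublicKey() *ecdsa.PublicKey { return &s.key.PublicKey }

// SignPcr0Hex validates the incoming value before signing: it must decode as
// hex and be exactly 48 bytes, so the signer cannot be handed something that
// is not a PCR0. Output: DER-encoded ECDSA signature over SHA-384(register).
func (s *Signer) SignPcr0Hex(pcrHex string) ([]byte, error) {
	raw, err := hex.DecodeString(pcrHex)
	if err != nil {
		return nil, fmt.Errorf("pcr0 is not hex: %w", err)
	}
	if len(raw) != 48 {
		return nil, errors.New("pcr0 must be exactly 48 bytes")
	}
	digest := sha512.Sum384(raw)
	return ecdsa.SignASN1(rand.Reader, s.key, digest[:])
}

// VerifyBeforeEmbed is the check the build environment runs at step 3 before
// handing --signature to build-enclave: the returned signature must cover the
// PCR0 it actually sent, under the certificate's key. A stale or mismatched
// signature is caught here rather than at attestation time.
func VerifyBeforeEmbed(pub *ecdsa.PublicKey, pcr Pcr0, sig []byte) bool {
	digest := sha512.Sum384(pcr[:])
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Demo runs the three steps end to end and also exercises the failure mode:
// the same signature presented for a different PCR0 must be rejected.
func Demo() (genuineOK, mismatchOK bool, err error) {
	image := []byte("constructed stand-in for an enclave image") // constructed input
	pcr := measure(image)                                        // step 1, build env

	signer, err := NewSigner()
	if err != nil {
		return false, false, err
	}
	sig, err := signer.SignPcr0Hex(hex.EncodeToString(pcr[:])) // step 2, signing env
	if err != nil {
		return false, false, err
	}

	genuineOK = VerifyBeforeEmbed(signer.PublicKey(), pcr, sig) // step 3, build env
	other := measure([]byte("a different image whose PCR0 was never signed"))
	mismatchOK = VerifyBeforeEmbed(signer.PublicKey(), other, sig)
	return genuineOK, mismatchOK, nil
}

func main() {
	genuine, mismatch, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("signature verifies for the measured PCR0: %v\n", genuine)
	fmt.Printf("same signature verifies for another PCR0: %v\n", mismatch)
}
```

In a real pipeline the signing side would load key.pem and write pcr0.sig, and the build side would take the public key from certificate.pem; what carries over is the shape of the exchange (only the measurement crosses the boundary) and that the builder does not trust the returned blob blindly but ties it back to the PCR0 and certificate it is about to embed.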
