
feat: X509 in MSO signer and further coherence checks #35

Open: peppelinux wants to merge 1 commit into IdentityPython:main from peppelinux:x5chain

Conversation

@peppelinux

Member

This pull request adds support for issuing Mobile Security Objects (MSOs) and mDOCs with a full X.509 certificate chain in the COSE x5chain header (label 33), following RFC 9360. It introduces a new x509_chain parameter to both MsoIssuer and MdocCborIssuer.new(), allowing flexible input types (file paths, bytes, or Certificate objects), and ensures cert_path and x509_chain are mutually exclusive. The update is thoroughly documented and tested, improving standards compliance and interoperability.

X.509 Chain Support and API Changes

  • Added x509_chain parameter to MsoIssuer and MdocCborIssuer.new() for embedding a full X.509 certificate chain in the COSE x5chain header (label 33), supporting file paths, bytes, or Certificate objects as input. cert_path and x509_chain are now mutually exclusive.
  • Refactored MSO signing logic to use the new encode_x5chain utility for encoding the chain, supporting both single and multiple certificates per RFC 9360.

X.509 Utility Functions

  • Added X509ChainSource type and utility functions (load_x509_certificates_from_bytes, load_x509_certificates_from_source, encode_x5chain) to handle flexible loading and encoding of X.509 chains for COSE headers.

Testing Enhancements

  • Introduced comprehensive tests for the new x509_chain functionality, including single and multiple certificate chains, mutual exclusivity with cert_path, and integration with both MsoIssuer and MdocCborIssuer.

Documentation Updates

  • Updated and expanded documentation in README.md, docs/CERTIFICATE-CHAIN-VERIFICATION.md, and docs/MSO.md to describe the new x509_chain parameter, usage patterns, and RFC 9360 compliance.

Other Improvements

  • Updated version to 1.3.0.
  • Improved robustness of cborlist2CoseSign1 to accept both lists and tuples.
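As an added illustration, not code from this pull request or the IdentityPython project, the following stand-alone sketch shows the behaviour the description covers: loading a chain from a file path, PEM/DER bytes or a Certificate object, enforcing that cert_path and x509_chain are mutually exclusive, and encoding the result for COSE header label 33 as RFC 9360 specifies (a single certificate as a bstr, several as an array of bstr). Function names are hypothetical, chosen to mirror the PR's parameter and utility names; the Certificate branch assumes a cryptography x509.Certificate; the sample certificate is a constructed placeholder DER blob, not a real certificate.

```python
import base64
import re

X5CHAIN_LABEL = 33  # COSE header label for x5chain (RFC 9360)
_PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# Constructed placeholder: a tiny DER SEQUENCE standing in for a real certificate.
CONSTRUCTED_DER = b"\x30\x03\x02\x01\x01"
CONSTRUCTED_PEM = b"-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(CONSTRUCTED_DER)

def _to_der_list(source):
    # Normalise one source (file path, PEM/DER bytes, or Certificate object) to DER blobs.
    if hasattr(source, "public_bytes"):  # assumed: a cryptography x509.Certificate
        from cryptography.hazmat.primitives.serialization import Encoding
        return [source.public_bytes(Encoding.DER)]
    data = open(source, "rb").read() if isinstance(source, str) else bytes(source)
    pems = _PEM_RE.findall(data)
    if pems:  # one or more PEM blocks, kept in file order
        return [base64.b64decode(b"".join(p.split())) for p in pems]
    if data[:1] == b"\x30":  # bare DER: exactly one certificate SEQUENCE
        return [data]
    raise ValueError("unrecognised certificate encoding")

def load_chain(sources):
    # Accept a single source or an iterable of them; order must be end-entity first.
    if isinstance(sources, (str, bytes, bytearray)) or hasattr(sources, "public_bytes"):
        sources = [sources]
    ders = [der for src in sources for der in _to_der_list(src)]
    if not ders:
        raise ValueError("empty certificate chain")
    return ders

def _cbor_bstr(b):
    # Minimal CBOR byte string (major type 2); covers certificates under 64 KiB.
    n = len(b)
    if n < 24:
        return bytes([0x40 | n]) + b
    return (b"\x58" + bytes([n]) if n < 256 else b"\x59" + n.to_bytes(2, "big")) + b

def encode_x5chain(ders):
    # RFC 9360: one certificate is a bare bstr, several are a CBOR array of bstr.
    if len(ders) == 1:
        return _cbor_bstr(ders[0])
    return bytes([0x80 | len(ders)]) + b"".join(_cbor_bstr(d) for d in ders)  # <24 certs

def x5chain_header(cert_path=None, x509_chain=None):
    # Protected-header entry for the MSO; cert_path and x509_chain are mutually exclusive.
    if cert_path is not None and x509_chain is not None:
        raise ValueError("cert_path and x509_chain are mutually exclusive")
    source = cert_path if cert_path is not None else x509_chain
    return {} if source is None else {X5CHAIN_LABEL: encode_x5chain(load_chain(source))}
```

A verifier reading the header must accept both shapes (bstr and array) and should validate the chain against its own trust anchors rather than trusting the embedded certificates on their own.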
