hx509: Add TCG EK and DevID certs to test with
These are sample certificates from the Trusted Computing Group Endorsement Key Credential Profile For TPM Family 2.0; Level 0.

 - lib/hx509/data/tcg-ek-cp.pem (Endorsement Key certificate)
 - lib/hx509/data/tcg-devid.pem (DevID certificate)

https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf
https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_DevID_v1r2_02dec2020.pdf

This certificate came from the Trusted Computing Group Endorsement Key (EK) Credential Profile [0], Appendix A, page 34.

[0] https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf

Note that hxtool at this point both certificates, including all their extensions, HardwareModule Name SAN, certificate policies, and the new DN attributes TPMVersion, TPMModel, and TPMManufacturer, as shown below.

The work on the ASN.1 compiler helped.

The goal of this work will be to enable a Heimdal service for device enrolment using TPMs.

More TCG profiling has to be done, and perhaps some ECC work as well. But Heimdal will mostly just be a relying party and CA, and will not include the client side piece of enrolment.

    $ cd build/lib/hx509
    $ ./hxtool print --content PEM-FILE:../../../lib/hx509/data/tcg-ek-cp.pem
    cert: 0
        friendly name:
        private key: no
        issuer: "CN=ExampleCA"
        subject: ""
        serial: 01
        keyusage: keyEncipherment
    subject name:
    issuer name: CN=ExampleCA
    Validity:
        notBefore 2014-01-15 15:40:50
        notAfter 2015-01-15 15:40:50
    checking extension: authorityInfoAccess
        Critical not set on MUST
        type: 1.3.6.1.5.5.7.48.2
        dirname: URI: http://www.example.com/ExampleCA.crt
    checking extension: keyUsage
    checking extension: subjectAltName
        Critical set on MUST NOT
        directoryName: TPMVersion=id:00010023,TPMModel=ABCDEF123456,TPMManufacturer=id:54434700
    checking extension: basicConstraints
        is NOT a CA
    checking extension: cRLDistributionPoints
        CRL Distribution Points:
        Fullname:
        URI: http://www.example.com/ExampleCA.crl
    checking extension: certificatePolicies
        Policy: 1.2.3.4
    checking extension: authorityKeyIdentifier
        authority key id: 347767244C44AFE79E2AE0B24C69579524B33DDA
    checking extension: extKeyUsage
        eku-0: 2.23.133.8.1
    checking extension: subjectDirectoryAttributes
    Doesn't have SubjectKeyIdentifier
    $
    $
    $ ./hxtool print --content PEM-FILE:../../../lib/hx509/data/tcg-devid.pem
    cert: 0
        friendly name:
        private key: no
        issuer: "CN=ExampleCA"
        subject: ""
        serial: 01
        keyusage: keyEncipherment
    subject name:
    issuer name: CN=ExampleCA
    Validity:
        notBefore 2014-01-15 15:40:50
        notAfter 2015-01-15 15:40:50
    checking extension: authorityInfoAccess
        Critical not set on MUST
        type: 1.3.6.1.5.5.7.48.2
        dirname: URI: http://www.example.com/ExampleCA.crt
    checking extension: keyUsage
    checking extension: subjectAltName
        Critical set on MUST NOT
        directoryName: TPMVersion=id:00010023,TPMModel=ABCDEF123456,TPMManufacturer=id:54434700
        otherName: 1.3.6.1.5.5.7.8.4 HardwareModuleName 2.23.133.1.2:tpmserialnumber
    checking extension: basicConstraints
        is NOT a CA
    checking extension: cRLDistributionPoints
        CRL Distribution Points:
        Fullname:
        URI: http://www.example.com/ExampleCA.crl
    checking extension: certificatePolicies
        Policy: 1.2.3.4
    checking extension: authorityKeyIdentifier
        authority key id: 347767244C44AFE79E2AE0B24C69579524B33DDA
    checking extension: extKeyUsage
        eku-0: 2.23.133.8.1
    checking extension: subjectDirectoryAttributes
    Doesn't have SubjectKeyIdentifier
    $
24
lib/hx509/data/tcg-devid.pem
Normal file
@@ -0,0 +1,24 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlFeGFt
|
||||
cGxlQ0EwHhcNMTQwMTE1MTU0MDUwWhcNMTUwMTE1MTU0MDUwWjAAMIIBIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncvm0aOBK05rdNInYXzJGV5SFteVUFpt
|
||||
XFxg4evROvlulB3BzUmFGQYFDcItVnJX2fAvf0UJLtLBVBQggb5ylL6bRpj72cS3
|
||||
oyNbs0CGmix9Z1QDjkZZFvIsD1GcKO0tvsCvsEItH8Cm0fq8WcGFijWLdRD5eulP
|
||||
55pq1bAHAvIo4+VLMJVBG71xrKGZeHPjKoq6seYjh7AGy+hk2vmFzpZ8Ghdgqv+K
|
||||
02IZ7FEdzuylHW8U3qsxBHysMut4inj6AiVf467OOs5meHiifIK9MGkovMrfY9iX
|
||||
uUVUs/KXpE1sgeoX9BLvx1BPcODosr5K+z5i71OtIXy4CXrPvcGzRwIDAQABo4IB
|
||||
hzCCAYMwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3LmV4
|
||||
YW1wbGUuY29tL0V4YW1wbGVDQS5jcnQwDgYDVR0PAQH/BAQDAgAgMIGBBgNVHREB
|
||||
Af8EdzB1pEswSTEWMBQGBWeBBQIBDAtpZDo1NDQzNDcwMDEXMBUGBWeBBQICDAxB
|
||||
QkNERUYxMjM0NTYxFjAUBgVngQUCAwwLaWQ6MDAwMTAwMjOgJgYIKwYBBQUHCASg
|
||||
GjAYBgVngQUBAgQPdHBtc2VyaWFsbnVtYmVyMAwGA1UdEwEB/wQCMAAwNQYDVR0f
|
||||
BC4wLDAqoCigJoYkaHR0cDovL3d3dy5leGFtcGxlLmNvbS9FeGFtcGxlQ0EuY3Js
|
||||
MBAGA1UdIAQJMAcwBQYDKgMEMB8GA1UdIwQYMBaAFDR3ZyRMRK/nnirgskxpV5Uk
|
||||
sz3aMBAGA1UdJQQJMAcGBWeBBQgBMCEGA1UdCQQaMBgwFgYFZ4EFAhAxDTALDAMy
|
||||
LjACAQACAWMwDQYJKoZIhvcNAQELBQADggEBABtrZu0n/7jPTYxak2n30AUakS7f
|
||||
Ihomojo14e8Lp/HF7/2VaUcohJH4KekCHTf8wpPxM/b9xRKLSOORA2Ey255Q2h8T
|
||||
v19he0dcdTvDPNQVY3AKaFO4cNiXeOYPR8n3IDYK5QdPqrdRX4/Bc34QcTWFDALx
|
||||
C00L/kDvBjV7l0Et2DBJIiBNziVKxs1xn136buZYRam6ZJhTRzNMMQ0eZ279Um4M
|
||||
39EI4DIFv6FzX0sC5waacVg6HFYd933NtdkDWV0VTGuk+5V8rH4Sjx+sywHahkoz
|
||||
BJhQBai2qiWEt7bB0ExGN2ZXPjiQiG4UHvLgGlCOUHX7EDNf0dvfUIZ6hLY=
|
||||
-----END CERTIFICATE-----
|
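Review bot: The trailing signature block of tcg-devid.pem (the lines from "LjACAQACAWMwDQYJKoZIhvcNAQELBQADggEBABtrZu0n..." to the end) appears to decode to the same signature bytes as the tail of tcg-ek-cp.pem, yet the signed content differs: this file's subjectAltName carries the extra otherName HardwareModuleName entry. One signature cannot cover two different TBSCertificates, so this certificate will not verify against ExampleCA and is only usable for parse and print tests. Please say so next to the file (or re-sign it with a test CA), and state where the DevID sample came from, since the commit message only cites Appendix A, page 34 of the EK profile for "this certificate". The quoted hxtool output also shows the DevID sample carrying the same EKU as the EK certificate (2.23.133.8.1), serial 01 and the same public key lines; if that is intentional for a parse-only fixture, a short note would prevent someone from treating it as a profile-conformant DevID.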
24
lib/hx509/data/tcg-ek-cp.pem
Normal file
@@ -0,0 +1,24 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID7zCCAtegAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlFeGFt
|
||||
cGxlQ0EwHhcNMTQwMTE1MTU0MDUwWhcNMTUwMTE1MTU0MDUwWjAAMIIBIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncvm0aOBK05rdNInYXzJGV5SFteVUFpt
|
||||
XFxg4evROvlulB3BzUmFGQYFDcItVnJX2fAvf0UJLtLBVBQggb5ylL6bRpj72cS3
|
||||
oyNbs0CGmix9Z1QDjkZZFvIsD1GcKO0tvsCvsEItH8Cm0fq8WcGFijWLdRD5eulP
|
||||
55pq1bAHAvIo4+VLMJVBG71xrKGZeHPjKoq6seYjh7AGy+hk2vmFzpZ8Ghdgqv+K
|
||||
02IZ7FEdzuylHW8U3qsxBHysMut4inj6AiVf467OOs5meHiifIK9MGkovMrfY9iX
|
||||
uUVUs/KXpE1sgeoX9BLvx1BPcODosr5K+z5i71OtIXy4CXrPvcGzRwIDAQABo4IB
|
||||
XjCCAVowQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3LmV4
|
||||
YW1wbGUuY29tL0V4YW1wbGVDQS5jcnQwDgYDVR0PAQH/BAQDAgAgMFkGA1UdEQEB
|
||||
/wRPME2kSzBJMRYwFAYFZ4EFAgEMC2lkOjU0NDM0NzAwMRcwFQYFZ4EFAgIMDEFC
|
||||
Q0RFRjEyMzQ1NjEWMBQGBWeBBQIDDAtpZDowMDAxMDAyMzAMBgNVHRMBAf8EAjAA
|
||||
MDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly93d3cuZXhhbXBsZS5jb20vRXhhbXBs
|
||||
ZUNBLmNybDAQBgNVHSAECTAHMAUGAyoDBDAfBgNVHSMEGDAWgBQ0d2ckTESv554q
|
||||
4LJMaVeVJLM92jAQBgNVHSUECTAHBgVngQUIATAhBgNVHQkEGjAYMBYGBWeBBQIQ
|
||||
MQ0wCwwDMi4wAgEAAgFjMA0GCSqGSIb3DQEBCwUAA4IBAQAba2btJ/+4z02MWpNp
|
||||
99AFGpEu3yIaJqI6NeHvC6fxxe/9lWlHKISR+CnpAh03/MKT8TP2/cUSi0jjkQNh
|
||||
MtueUNofE79fYXtHXHU7wzzUFWNwCmhTuHDYl3jmD0fJ9yA2CuUHT6q3UV+PwXN+
|
||||
EHE1hQwC8QtNC/5A7wY1e5dBLdgwSSIgTc4lSsbNcZ9d+m7mWEWpumSYU0czTDEN
|
||||
Hmdu/VJuDN/RCOAyBb+hc19LAucGmnFYOhxWHfd9zbXZA1ldFUxrpPuVfKx+Eo8f
|
||||
rMsB2oZKMwSYUAWotqolhLe2wdBMRjdmVz44kIhuFB7y4BpQjlB1+xAzX9Hb31CG
|
||||
eoS2
|
||||
-----END CERTIFICATE-----
|
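Review bot: Nothing in the visible change consumes lib/hx509/data/tcg-ek-cp.pem; the title says "to test with" but only the two data files are added. Consider adding a test step that runs the hxtool print --content command from the commit message on both files and checks for the TPMVersion, TPMModel and TPMManufacturer output, so a regression in the new DN attribute or SAN decoding is caught. Two details from the quoted output are worth recording for whoever writes that test: the validity ends at notAfter 2015-01-15 15:40:50, so any path that verifies rather than prints needs a pinned time, and hxtool reports "Critical set on MUST NOT" for subjectAltName although the subject is empty, which suggests the criticality check should account for empty-subject certificates before this fixture is used in validation tests.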