Optimisation of on-chain DCAP v3 Attestation via ZK-based ECDSA signature verification

Goal: Change the on-chain ecdsa256 signature verifications to ZK circuit verification, to reduce the gas used in verification.

There are [3 places](https://github.com/automata-network/automata-dcap-v3-attestation/blob/main/contracts/AutomataDcapV3Attestation.sol#L266-L286) to perform the ecdsa256 signature verifications in the current smart contract implementation:

1. Verify cert chain for PCK: https://github.com/automata-network/automata-dcap-v3-attestation/blob/main/contracts/AutomataDcapV3Attestation.sol#L406-L413
2. Verify the local attestation signature: https://github.com/automata-network/automata-dcap-v3-attestation/blob/main/contracts/AutomataDcapV3Attestation.sol#L448-L452
3. Verify the QE report signature: https://github.com/automata-network/automata-dcap-v3-attestation/blob/main/contracts/AutomataDcapV3Attestation.sol#L443-L447

The POC provided by Clique is to perform a ZKP generation and verification for #3.
https://github.com/CliqueOfficial/zk-dcap-verifier

TODOs

• Off-chain part
  • ZKP Circuit
    • Leverage the Clique’s POC, test the possibility of parameterizing the circuit inputs.
    • Aggregate multiple ecdsa256 signature verifications into 1 circuit.
  • User-friendly CLI
    • Produce a signature proof given a DCAP v3 quote.
    • Produce the unsigned transaction to the smart contract, by using the quote and circuit.
• On-chain part
  • Smart contract
    • Adjust the function interface to add the ZKP circuit parameter.
    • Adjust the signature verifications to use the ZKP circuit, send the decoded fields as the public inputs to the circuit to perform an aggregated ecdsa256 signature verification, the number of the public inputs is equal to 3 times of the number of ecdsa256 signature verifications. Because we need to verify the cert chain, and it will be greater than 3 ecdsa256 signature verifications because of the intermediate certs.
    • Benchmark and breakdown gas cost for new implementation.

Summary of ECDSA signatures performed in the circuit:

• PCK Cert Chain Verification
• Local Enclave Attestation Signature
• QE Attestation Signature

References

• Automata Intel SGX DCAP v3 attestation: https://github.com/automata-network/automata-dcap-v3-attestation
• Clique on-chain ecdsa signature verification in halo2 (POC): https://github.com/CliqueOfficial/zk-dcap-verifier

I had a couple of suggestions after using this interface:

• Allow overriding the policy involving enclave signer. If we check mrenclave anyway, checking mrsigner seems redundant. I'd like for people to be able to generate attestations with an enclave they just built from source.
• Make it easier to check the current value of checkLocalEnclaveReport. It's marked private so subclasses can't access it, there's no getter method, and the only way to interact with it is to "toggle" it