
[spmutil] enable provisioning DICE and SKU-specific CA keys #44

Open
timothytrippel opened this issue Jan 18, 2025 · 1 comment
Labels: enhancement (New feature or request)

Comments

timothytrippel (Collaborator) commented Jan 18, 2025

OpenTitan Earlgrey provisioning flows support endorsing two different types of certificate chains:

  1. DICE
  2. SKU-specific

Each chain type requires a different CA. Therefore, the spmutil tool should be updated to enable generating:

  • DICE CA keys and cert (ECDSA P256, P384, P521)
  • SKU-specific CA keys and certs (could be many per SKU, same key sizes supported above)

The documentation and deployment scripts should be updated to detail how to generate these assets.

@timothytrippel timothytrippel added the enhancement New feature or request label Jan 18, 2025
moidx (Collaborator) commented Jan 23, 2025

I am planning to modify the HSM initialization infrastructure to support a SKU configuration file. This file will have the key type and additional attributes required to perform keygen, as well as unique labels.

The utility will support the following actions:

  • wipe: Removes all keys.
  • keygen: Generates keys.
  • export: Export keys.
  • import: Import keys.

I will start by modifying the spmutil binary to implement this functionality and enable the CI infrastructure, but will later on move to use OpenTitan's hsmtool as this will become our canonical HSM utility.
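The following Go program is an added illustration of what the two posts above describe, not code from spmutil, hsmtool or OpenTitan: a per-SKU configuration file naming one DICE CA and several SKU-specific CAs with unique labels and a key type, a `keygen` action that generates an ECDSA key on P-256, P-384 or P-521 plus a self-signed CA certificate for each entry, and a `verifyCA` check that the resulting certificate is a CA bound to the generated key. The JSON field names, the `ecdsa-p256`/`ecdsa-p384`/`ecdsa-p521` key-type strings, the labels in `sampleConfig` and the ten-year validity are this example's own assumptions; in a real deployment the private keys would be generated inside the HSM rather than in software as here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

// caSpec is one CA entry of a per-SKU config file; field names and sampleConfig are this example's constructions.
type caSpec struct {
	Label      string `json:"label"`       // unique HSM object label
	KeyType    string `json:"key_type"`    // ecdsa-p256 | ecdsa-p384 | ecdsa-p521
	CommonName string `json:"common_name"` // subject CN of the CA certificate
}

type skuConfig struct {
	DICECA caSpec   `json:"dice_ca"` // one DICE CA per SKU
	SKUCAs []caSpec `json:"sku_cas"` // any number of SKU-specific CAs
}

const sampleConfig = `{"dice_ca": {"label": "dice-ca", "key_type": "ecdsa-p256", "common_name": "Example DICE CA"},
 "sku_cas": [{"label": "sku-a-ca-1", "key_type": "ecdsa-p384", "common_name": "Example SKU A CA 1"},
             {"label": "sku-a-ca-2", "key_type": "ecdsa-p521", "common_name": "Example SKU A CA 2"}]}`

var curves = map[string]elliptic.Curve{"ecdsa-p256": elliptic.P256(), "ecdsa-p384": elliptic.P384(), "ecdsa-p521": elliptic.P521()}

type generatedCA struct{ Key *ecdsa.PrivateKey; CertDER []byte }

// generateCA makes a key pair on the requested curve and a self-signed CA cert limited to signing certs and CRLs.
func generateCA(spec caSpec, validity time.Duration) (*generatedCA, error) {
	curve, ok := curves[spec.KeyType]
	if !ok {
		return nil, fmt.Errorf("unsupported key type %q", spec.KeyType)
	}
	key, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: spec.CommonName},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(validity),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &generatedCA{Key: key, CertDER: der}, nil
}

// keygen parses the config and generates every CA keyed by label; duplicate labels are rejected (one key per HSM object).
func keygen(rawConfig []byte) (map[string]*generatedCA, error) {
	var cfg skuConfig
	if err := json.Unmarshal(rawConfig, &cfg); err != nil {
		return nil, err
	}
	out := make(map[string]*generatedCA)
	for _, spec := range append([]caSpec{cfg.DICECA}, cfg.SKUCAs...) {
		if _, dup := out[spec.Label]; dup {
			return nil, fmt.Errorf("duplicate label %q", spec.Label)
		}
		ca, err := generateCA(spec, 10*365*24*time.Hour)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", spec.Label, err)
		}
		out[spec.Label] = ca
	}
	return out, nil
}

// verifyCA re-parses the cert, checks it is a self-signed CA bound to the generated key, and returns the curve name.
func verifyCA(ca *generatedCA) (string, error) {
	cert, err := x509.ParseCertificate(ca.CertDER)
	if err != nil {
		return "", err
	}
	// CheckSignatureFrom also enforces the CA basic constraint and CertSign key usage.
	if err := cert.CheckSignatureFrom(cert); err != nil {
		return "", err
	}
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !pub.Equal(&ca.Key.PublicKey) {
		return "", fmt.Errorf("certificate key does not match generated key")
	}
	return ca.Key.Curve.Params().Name, nil
}
```

Calling `keygen([]byte(sampleConfig))` yields three CAs; `verifyCA` on each returns `P-256`, `P-384` and `P-521` respectively, while a config that reuses a label or names an unsupported key type is refused before any partial key set is returned.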
