Add sigsum-c repository tailored for offline verification

Overview

An implementation of everything that's needed to do offline verification in C.

Consistency proof verification (although not needed for offline verification) is also in scope to facilitate building of, e.g., TKey log/witness signing apps.

In detail

1. Consistency proof verification (Merkle tree)
2. Inclusion proof verification (Merkle tree)
3. Policy format parsing
   • ASCII (convert to binary format)
   • Binary (parse binary format)
4. Sigsum proof parsing
   • ASCII (convert to binary format)
   • Binary (parse binary format)
5. Sigsum submitter key parsing
   • ASCII (convert to binary format)
   • Binary (parse binary format)
6. Offline verify API using (2)--(5)

We will need a little bit of tinkering wrt. API (think sigsum.h) as well as testing and review as we port nisse's prototype implementation piece by piece.

Testing notes:

• Need additional tests that are not "just good path"
• Maybe a few more Merkle tree tests (from rgdd)
• Similar policy testing as in sigsum-go (so basically testing different types of quorums)
• Maybe flip bits in all Sigsum proof fields and expect failure (or similar)

Nisse will be/become the maintainer of sigsum-c.