Make sign-if-logged device app ready for Bellatrix

Main TODOs:

• Start a repo somewhere under git.glasklar.is/sigsum
• Target Bellatrix (prototype is written for Castor)
  • Out of scope: castor (unless the work to support both is marginal)
  • In the future: add support for castor too
  • (This priority has been requested by Tillitis.)
• Polish protocol between device and host app
• Fix state management
  • Policy not loaded
  • Policy loaded
  • Update policy
• Fix error handling
  • E.g., right now the device crashes on bad input from host app
• Other minor fixes and implementation polishing
  • In scope: things that we don't want to immediately have to change after release, since that will result in new signing keys which is annoying.
• Take an appropriate stab at testing / CI
• Device app builds reproducibly
  • Maybe already the case but needs double checking
• Appropriate documentation
• Release v1.0.0

As for supported signing -- target ed25519 and 256r1 with sha256 which is what we already got working in nisse's prototype.

Nisse will do all the work here, but needs input and review from mc/Tillitis on request.