feat: Move time stamp code into c2pa-crypto

[scouten-adobe]

No description provided.

[codecov]

Codecov Report

Attention: Patch coverage is 69.19918% with 150 lines in your changes missing coverage. Please review.

Project coverage is 81.39%. Comparing base (4874e47) to head (eb34de7).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/crypto/src/time_stamp/verify.rs	72.53%	53 Missing ⚠️
internal/crypto/src/time_stamp/response.rs	67.10%	25 Missing ⚠️
sdk/src/signer.rs	0.00%	20 Missing ⚠️
internal/crypto/src/time_stamp/provider.rs	75.00%	19 Missing ⚠️
internal/crypto/src/time_stamp/http_request.rs	77.50%	18 Missing ⚠️
sdk/src/utils/test.rs	0.00%	6 Missing ⚠️
sdk/src/cose_sign.rs	0.00%	4 Missing ⚠️
sdk/src/openssl/ed_signer.rs	0.00%	3 Missing ⚠️
internal/crypto/src/time_stamp/error.rs	0.00%	1 Missing ⚠️
sdk/src/callback_signer.rs	50.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #696      +/-   ##
==========================================
- Coverage   81.52%   81.39%   -0.13%     
==========================================
  Files         104      109       +5     
  Lines       30634    30711      +77     
==========================================
+ Hits        24973    24996      +23     
- Misses       5661     5715      +54     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[scouten-adobe]

@mauricefisher64 @mikeklein13 do we have any sample time stamp data that we could use to achieve independent code coverage for this?

[scouten-adobe]

Per @mauricefisher64, look at the claim_v2 branch to catch up on some recent changes to time stamp work.

[mklein13]

Thank you for your hard work on this! I have a couple of suggestions that I think could help improve the library’s structure and usability:

Decouple HTTP I/O:
Consider focusing the library on just building HTTP requests, parsing responses, and verifying them. This would simplify the library’s structure and make the code easier to test. For users needing more convenience, you might offer a way to pass in a function that takes an HTTP request and returns an HTTP response. This approach would let users choose any HTTP client they prefer while shifting connection handling to the user rather than the library. (Won't implement in this PR. Tracking as CAI-7305.)

Leverage standardized types:
It might be worth using the standardized types from the http crate for request building and parsing responses. This could enhance compatibility and consistency while making the library easier to integrate into other projects. (Won't implement in this PR. Tracking as CAI-7306.)

Decouple verifying logic from response parsing:
Combining both responsablities leads to complicated code that's difficult to fully test. (Won't implement in this PR. Tracking as CAI-7307.)

[scouten-adobe]

@mauricefisher64 Almost there: Still need to bring over claim_v2's version of get_tst_info_from_signed_data. Out of gas for tonight; will look at it when I spin up tomorrow.

[mklein13]

Discussed offline. Suggested updates will be addressed after this is merged.