RA-TLS verification error wrapping #1208
lonerapier started this conversation in General
We're trying to write a Golang wrapper on top of Gramine's RA-TLS verification module. While trying to show the errors to the user, we discovered that most of the SGX errors, although logged, are abstracted in the verification function and only a few errors are reported.
What was the design decision behind this approach? What are your thoughts about returning the original error to the user so that it can be handled accordingly? Would it involve too large a change, or are some other factors involved?
One use case of having more verbose return values is to know why the attestation verification failed, and every user might not have access to stdout/stderr for logs.
For example: we might want to handle SGX_QL_QV_RESULT_SW_HARDENING_NEEDED according to our use case, but MBEDTLS_ERR_X509_CERT_VERIFY_FAILED doesn't give enough information about the error.
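One shape the Go wrapper's error could take if the verification layer reported the quote-verification result alongside the mbedTLS code, as the post asks. This is an added sketch, not Gramine's API or the poster's code: `VerifyError`, `QvResult`, `Action` and `Classify` are hypothetical names, and how the QV result reaches Go is assumed.

```go
package main

import (
	"errors"
	"fmt"
)

type QvResult uint32 // mirrors sgx_ql_qv_result_t
const ( // numeric values as in the mbedTLS and Intel DCAP headers
	MbedtlsErrX509CertVerifyFailed          = -0x2700
	QvOutOfDate                    QvResult = 0xA002 // SGX_QL_QV_RESULT_OUT_OF_DATE
	QvSwHardeningNeeded            QvResult = 0xA007 // SGX_QL_QV_RESULT_SW_HARDENING_NEEDED
)

// VerifyError is hypothetical; HasQv is false when only the mbedTLS code is known.
type VerifyError struct {
	MbedtlsCode int
	Qv          QvResult
	HasQv       bool
}

func (e *VerifyError) Error() string {
	return fmt.Sprintf("ra-tls verify failed: mbedtls -0x%04X, qv 0x%04X (qv known: %t)",
		-e.MbedtlsCode, uint32(e.Qv), e.HasQv)
}

type Action int

const (
	Accept                    Action = iota
	RejectPlatformNeedsUpdate        // TCB-level cause, report to the platform operator
	RejectUntrusted                  // unknown or unreported cause
)

// Classify never turns a failure into acceptance; it only selects how a rejection is reported.
func Classify(err error) Action {
	var ve *VerifyError
	if err == nil {
		return Accept
	}
	if errors.As(err, &ve) && ve.HasQv && (ve.Qv == QvSwHardeningNeeded || ve.Qv == QvOutOfDate) {
		return RejectPlatformNeedsUpdate
	}
	return RejectUntrusted
}

func main() { // constructed sample error, wrapped the way a handshake layer might wrap it
	err := fmt.Errorf("handshake: %w", &VerifyError{MbedtlsErrX509CertVerifyFailed, QvSwHardeningNeeded, true})
	fmt.Println(err, "->", Classify(err))
}
```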