
Add support for production signing with Azure Key Vault #108

Closed
wants to merge 1 commit into from

Conversation

svenkata9

@svenkata9 svenkata9 commented Nov 2, 2022

Signed-off-by: Sankaranarayanan Venkatasubramanian [email protected]

Description of the changes

This change enables production signing with Azure Key Vault's Managed HSM. The gsc.py script is modified to take a keytype parameter that uses pem for a local private key and akv for Azure Key Vault.

Please also see gramineproject/gramine#1020 for the changes to gramine-sgx-sign

This change replaces the Dockerfile template used for signing with two different templates - one for local signing (default) and the other one for signing with Azure Key Vault.

In the case of Azure Key Vault, we currently enable signing only for login with az-cli. So, the corresponding Dockerfile installs the AKV related packages and invokes az login. This will prompt for authentication during the signing stage and will wait until the authentication succeeds (or fails) - please see below. (This will be revisited later once we have managed identity working with Azure subscription).

[image: az login authentication prompt during the signing stage]

Related issues in Gramine:

How to test this PR?

Please apply gramineproject/gramine#1020 and build Gramine with the corresponding changes. Then run ./gsc sign-image --keytype akv --key vault_url:keyname <unsigned gramine image> to test.


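As an added example (not gsc's own code), this shows how a `--keytype pem|akv` selector and the `vault_url:keyname` form of `--key` described above can be parsed and validated; the colon in `https://` means the value must be split on its last colon, not its first. The `SigningKey` type, the function name and the host-suffix check are assumptions for illustration.

```python
"""Hypothetical parser for the --keytype/--key pair described in the PR."""
from dataclasses import dataclass
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse

# Public-cloud host suffixes for Azure Key Vault and Managed HSM (assumed check,
# not something the PR itself performs).
AKV_HOST_SUFFIXES = (".vault.azure.net", ".managedhsm.azure.net")


@dataclass(frozen=True)
class SigningKey:
    keytype: str                       # "pem" or "akv"
    path: Optional[Path] = None        # local private key file (pem)
    vault_url: Optional[str] = None    # Key Vault / Managed HSM URL (akv)
    key_name: Optional[str] = None     # key name inside the vault (akv)


def parse_key_argument(keytype: str, key: str) -> SigningKey:
    """Turn --keytype and --key into a SigningKey, rejecting malformed input.

    For akv the value is vault_url:keyname. The URL already contains a colon
    after its scheme, so we split on the *last* colon (rpartition).
    """
    if keytype == "pem":
        # Local signing: the value is simply a path to the private key.
        return SigningKey(keytype="pem", path=Path(key))
    if keytype != "akv":
        raise ValueError(f"unsupported keytype: {keytype!r} (expected pem or akv)")

    vault_url, sep, key_name = key.rpartition(":")
    if not sep or not key_name:
        raise ValueError("akv key must be given as vault_url:keyname")

    parsed = urlparse(vault_url)
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError(f"vault_url must be an https URL, got {vault_url!r}")
    if not parsed.hostname.endswith(AKV_HOST_SUFFIXES):
        raise ValueError(f"not a Key Vault / Managed HSM host: {parsed.hostname}")

    return SigningKey(keytype="akv", vault_url=vault_url, key_name=key_name)
```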

Signed-off-by: Sankaranarayanan Venkatasubramanian <[email protected]>
@svenkata9
Author

This PR is now obsolete since we decided to make integration related scripts available in the contrib. I will close this PR and open a new one adding the templates to contrib repo.

@svenkata9 svenkata9 closed this Dec 9, 2022
@svenkata9 svenkata9 deleted the svenkat9/akv_sign branch December 9, 2022 03:16