Extract RKTH from CMPA RotPage in inventory to use in planner

[karencfv]

To make RoT and RoT bootloader artifact verification in the planner more robust, we'd like to compare an RoT/RoT bootloader's sign field in the caboose (which is the RKTH) to the CMPA's rkth field found in inventory.

Today all we get from inventory for RotPage are base64 encoded blobs. We need to have a way to safely decode and extract this information so the planner can use it.

[davepacheco]

@karencfv is this something we already did to get the planner support in? Or is this something we'd like to do later? If so, can you summarize the impact or risk right now? I'm trying to figure out if it should be a blocker, important non-blocker, or nice-to-have.

[karencfv]

It's something we can do later. There is little to no risk now, but as I understand it is more correct to retrieve the RKTH value directly from the CMPA page than from the sign field in the caboose. @plotnick might be able to elaborate more.