[WIP] Add dynamic PCR policy support for disk key sealing

[shjala]

Description

Implement configurable PCR selection for TPM disk key sealing/unsealing
operations. This allows the controller to specify which PCRs should be
used when sealing the vault key, enabling more flexible TPM measurement
policies.

changes:

• Add GetDiskKeySealingPCRs() to read PCR policy from persistent storage
• Add SaveDiskKeySealingPCRs() with validation for PCR policy indexes
• Rename DiskKeySealingPCRs to DefaultDiskKeySealingPCRs for clarity
• Update vaultmgr to handle controller-provided PCR policies
• Persist PCR policy
• Update all callers to use dynamic PCR selection

PR dependencies

lf-edge/eve-api#125

How to test and validate this PR

Please describe how the changes in this PR can be validated or verified. For
example:

• If your PR fixes a bug, outline the steps to confirm the issue is resolved.
• If your PR introduces a new feature, explain how to test and validate it.

This will be used

1. to provide test scenarios for the QA team
2. by a reviewer to validate the changes in this PR.

The first is especially important, so, please make sure to provide as much
detail as possible.

If it's covered by an automated test, please mention it here.

Changelog notes

Text in this section will be used to generate the changelog entry for
release notes. The consumers of this are end users, not developers.
So, provide a clear and short description of what is changed in the PR from
the end user perspective. If it changes only tooling or some internal
implementation, put a note like "No user-facing changes" or "None".

PR Backports

For all current LTS branches, please state explicitly if this PR should be
backported or not. This section is used by our scripts to track the backports,
so, please, do not omit it.

Here is the list of current LTS branches (it should be always up to date):

• 14.5-stable
• 13.4-stable

For example, if this PR fixes a bug in a feature that was introduced in 14.5,
you can write:

- 14.5-stable: To be backported.
- 13.4-stable: No, as the feature is not available there.

Also, to the PRs that should be backported into any stable branch, please
add a label stable.

Checklist

• I've provided a proper description
• I've added the proper documentation
• I've tested my PR on amd64 device
• I've tested my PR on arm64 device
• I've written the test verification instructions
• I've set the proper labels to this PR

For backport PRs (remove it if it's not a backport):

• I've added a reference link to the original PR
• PR's title follows the template

And the last but not least:

• I've checked the boxes above, or I've provided a good reason why I didn't
  check them.

Please, check the boxes above after submitting the PR in interactive mode.

[codecov]

Codecov Report

❌ Patch coverage is 65.07937% with 22 lines in your changes missing coverage. Please review.
✅ Project coverage is 21.56%. Comparing base (2281599) to head (5af49ee).
⚠️ Report is 87 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/pillar/evetpm/tpm.go	65.07%	15 Missing and 7 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #5398      +/-   ##
==========================================
+ Coverage   19.52%   21.56%   +2.03%     
==========================================
  Files          19       19              
  Lines        3021     2370     -651     
==========================================
- Hits          590      511      -79     
+ Misses       2310     1731     -579     
- Partials      121      128       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.