feat: use real RA-TLS for everything

* add `tee-ratls-preexec` for creating the vault certificate
* remove the old attestation API

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

Cargo.toml

@@ -27,6 +27,7 @@ hex.workspace = true
 intel-tee-quote-verification-rs.workspace = true
 num-integer.workspace = true
 num-traits.workspace = true
+p256.workspace = true
 pgp.workspace = true
 pkcs8.workspace = true
 rand.workspace = true
@@ -38,8 +39,10 @@ serde.workspace = true
 serde_json.workspace = true
 serde_with.workspace = true
 sha2.workspace = true
+signature.workspace = true
 thiserror.workspace = true
 tracing.workspace = true
+webpki-roots.workspace = true
 x509-cert.workspace = true
 zeroize.workspace = true
 
@@ -86,10 +89,11 @@ mio = "0.8.10"
 num-integer = "0.1.46"
 num-traits = "0.2.18"
 pgp = "0.11"
+p256 = "0.13.2"
 pkcs8 = { version = "0.10" }
 rand = "0.8"
 ring = { version = "0.17.8", features = ["std"], default-features = false }
-rsa = { version = "0.9.6", features = ["sha2"] }
+rsa = { version = "0.9.6", features = ["sha2", "pem"] }
 rustls = { version = "0.22" }
 rustls-pemfile = "2"
 sec1 = { version = "0.7.3", features = ["der"], default-features = false }
@@ -97,6 +101,7 @@ serde = { version = "1", features = ["derive", "rc"] }
 serde_json = "1"
 serde_with = { version = "3.6", features = ["base64", "hex"] }
 sha2 = "0.10.8"
+signature = "2.2.0"
 teepot = { path = "." }
 testaso = "0.1.0"
 thiserror = "1.0.57"
@@ -105,6 +110,6 @@ tracing = "0.1"
 tracing-actix-web = "0.7"
 tracing-log = "0.2"
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
-x509 = { version = "0.2", package = "x509-cert", default-features = false }
-x509-cert = "0.2.5"
+x509-cert = { version = "0.2", features = ["builder", "signature"] }
 zeroize = { version = "1.7.0", features = ["serde"] }
+webpki-roots = "0.26.1"