Move all non-attestation abilities from AA to CDH

[Xynnn007]

Currently, AA supports not only attestation related work, but also some confidential resource injection abilities, including the following

• GetResource
• Image decryption (s.t. UnwrapKey, called by ocicrypt-rs)
• Image signature verification (s.t. GetResource, called by image-rs to get public key)

At the same time, we are add these functionalities to CDH. The goal is to move all these non-attestation ability to CDH. In this way AA can be a separate service that focus on attestation, including get hw evidence and get attestation token.

Also, we might need add/change some integration test to check if image-rs/ocicrypt-rs work well with CDH.

cc @fitzthum @jialez0