Update signed document deserializer to use catalyst-id as `kid`

[stevenj]

Summary

Use the new catalyst-id in URI format as the KID for a signed document

Description

Use the catalyst-id and type for it in catalyst-libs, to parse and validate kid for signatures on a signed document.
Implement an authors() function on the document type, which returns a list of all authors (being short_id() versions of all kids. Implement an kids()function on the document type which returns a list of allkids()needed to validate the document. Expose a validate function which takes an algorithm identifier and public key which matches the algorithm, for eachkidreturned by thekids()` function. There is no need to partially validate, so if all public keys are not supplied then validation has failed.

The caller will extract the public key and algorithm from the RBAC registration.
Do not create a new set of types for these, use common types supported and exposed by the RBAC registration crate itself.

Depends on

• feat(rust): Upgrade the Catalyst Key Id to be a more general Catalyst ID which can be used both as a Key ID and a registration ID. #159

Acceptance Criteria

For the Signed Document Type:

• Deserializing only accepts URI form ID's as KIDs. Anything else is an error.
• Can return all author id through appropriate method.
• Can return all kid id's through appropriate method.
• Can validate itself given a list of algorithms and public keys which match the ids returned in the kid list.
• Does not create a new set of algorithm and key types, but re-uses types defined by the RBAC crate, or another lower level common crate which defines these. Ideally these align with algorithm identifiers known to x509/c509 certificates.