Introduce Secretkeeper HAL interface

Secretkeeper is a privileged component which seals the secrets of pVM
instances & releases them on successful authentication of the pVM.

The HAL should be backed by a secure TA of higher privilege than a pVM.

This patch introduces a subset of HAL spec - the SecretManagement api. The
protocol is cbor based (specified in SecretManagement.cddl).

Test: atest VtsSecretkeeperTargetTest
Bug: 293429085
Change-Id: I8e650f27d506d378a94bbc8834c68a005fb12253