Specification of user defined claims in RA evidence in CC-KBC Attester for SGX

[Xynnn007]

Related to #120

I am working on Occlum attester in cc-kbc confidential-containers/attestation-agent#136. Now the Evidence is defined as following. Please ignore the name as I think we can use a same format of Evidence for occlum and gramine.

struct SgxOcclumAttesterEvidence {
    /// Base64 encoded SGX quote.
    quote: String,
}

Now it only contains the base64-encoded sgx quote. We can include more claims in the Evidence by including the digest of the claims into report_data field, by which we can bond the claims to the quote.
That is, like a claim

{
    "a": "value a",
    ...
}

Could be part of the evidence.

The question is what we can include?

Some initial ideas:

• As the verifier will get raw data mr_enclave from the quote, it will not know which payload is measured, s.t. what paylaod is corresponding to the mr_enclave. We could add the type or name of the payload, for example we use a key "mrenclave-id" to specify the payload, s.t. "mrenclave-id":"occlumv1.0+enclave-agentv1.0" (?) to tell the verifier which reference value should be used to compare
• mr_signer: like mr_encalve, do we need to specify the signer of the sgx so file?

We might need to have a public specification for different keys and their usages?