
Add MbedTLS signature verification #54

Open
mzella-ll wants to merge 1 commit into CiscoDevNet:main from mzella-ll:feature/add-mbedtls-signature-verification

@mzella-ll

Summary

This PR adds an MbedTLS-based implementation of signature_verify().

The existing OpenSSL implementation remains unchanged. When MBEDTLS is defined, the function now performs real ECDSA signature verification instead of falling back to the temporary stub.

Changes

  • Add MbedTLS includes for public-key handling, SHA-256 hashing, and ASN.1 parsing.
  • Add helper logic to parse DER-encoded ECDSA signatures and extract the r and s values.
  • Add an MbedTLS implementation of signature_verify().
  • Validate input data and signature pointers before verification.
  • Hash the input data using SHA-256.
  • Load the secp256r1 ECDSA curve.
  • Load the public key and verify it against the curve.
  • Verify the ECDSA signature using MbedTLS.

Motivation

Some embedded targets use MbedTLS instead of OpenSSL. These targets should be able to perform signature verification without depending on OpenSSL.

This change adds the missing MbedTLS verification backend while preserving the existing OpenSSL path.

Expected behavior

When built with MBEDTLS defined, signature_verify() verifies the provided ECDSA signature using MbedTLS.

When built with OPENSSL defined, the existing OpenSSL implementation is used.

When neither backend is enabled, the existing fallback behavior remains unchanged.

Related issue

Fixes #53
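
The description above mentions helper logic that parses a DER-encoded ECDSA signature into r and s. As an added example (not code from this pull request or the project, and using no MbedTLS calls), here is a strict stand-alone parser for that encoding on secp256r1; the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define P256_LEN 32 /* byte length of r and s on secp256r1 */

/* Read one DER INTEGER at *p into a 32-byte big-endian buffer; 0 on success, -1 on error. */
static int der_read_uint(const uint8_t **p, const uint8_t *end, uint8_t out[P256_LEN])
{
    const uint8_t *q = *p;
    if (end - q < 2 || q[0] != 0x02) return -1;        /* INTEGER tag required */
    size_t len = q[1];                                  /* short-form length only */
    q += 2;
    if (len == 0 || len > P256_LEN + 1 || (size_t)(end - q) < len) return -1;
    if (q[0] & 0x80) return -1;                         /* negative value */
    if (q[0] == 0x00 && len > 1) {
        if (!(q[1] & 0x80)) return -1;                  /* non-minimal zero padding */
        q++; len--;                                     /* drop the sign byte */
    }
    if (len > P256_LEN) return -1;                      /* wider than the curve order */
    memset(out, 0, P256_LEN);
    memcpy(out + (P256_LEN - len), q, len);             /* left-pad to 32 bytes */
    *p = q + len;
    return 0;
}

/* Hypothetical helper: strict parse of SEQUENCE { INTEGER r, INTEGER s }. */
int ecdsa_sig_der_to_rs(const uint8_t *sig, size_t sig_len, uint8_t r[P256_LEN], uint8_t s[P256_LEN])
{
    if (sig == NULL || r == NULL || s == NULL || sig_len < 8 || sig_len > 72) return -1;
    if (sig[0] != 0x30 || (size_t)sig[1] != sig_len - 2) return -1; /* length covers all input */
    const uint8_t *p = sig + 2, *end = sig + sig_len;
    if (der_read_uint(&p, end, r) != 0 || der_read_uint(&p, end, s) != 0) return -1;
    return p == end ? 0 : -1;                           /* nothing may follow s */
}

/* Constructed samples (not real signatures): r = 0x80, s = 0x01 in the valid one. */
const uint8_t SIG_OK[]       = {0x30, 0x07, 0x02, 0x02, 0x00, 0x80, 0x02, 0x01, 0x01};
const uint8_t SIG_TRAILING[] = {0x30, 0x07, 0x02, 0x02, 0x00, 0x80, 0x02, 0x01, 0x01, 0x00};
const uint8_t SIG_PADDED[]   = {0x30, 0x07, 0x02, 0x02, 0x00, 0x01, 0x02, 0x01, 0x01};
const uint8_t SIG_NEGATIVE[] = {0x30, 0x06, 0x02, 0x01, 0x80, 0x02, 0x01, 0x01};

int main(void)
{
    uint8_t r[P256_LEN], s[P256_LEN];
    printf("valid=%d ", ecdsa_sig_der_to_rs(SIG_OK, sizeof SIG_OK, r, s));
    printf("trailing=%d\n", ecdsa_sig_der_to_rs(SIG_TRAILING, sizeof SIG_TRAILING, r, s));
    return 0;
}
```

The parser does not check that r and s lie in the range 1 to n-1; that check belongs to the ECDSA verification step that consumes the two values.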

Development

Successfully merging this pull request may close these issues.

Add MbedTLS support for signature verification