Switch crate used for TDX quote generation from configfs-tsm to tdx-attest

[ameba23]

This PR switches the crate used for TDX quote generation from configfs-tsm to tdx-attest.

Closes #26

tdx-attest has some features lacking in configfs-tsm, such as fallback to using vSOCK to QGS when configfs-tsm interface is not available, better generation handling, and better retry logic.

There is also a licensing issue with configfs-tsm - it is AGPL. Although i could probably get that changed if there were not other reasons to switch.

However, two things to be aware of:

Concurrency

tdx-attest serializes all get_quote calls with a process-wide mutex. That reduces races around its shared configfs path, but it also means concurrent callers in the same process cannot generate quotes in parallel.

However, configfs-tsm creates a separate configfs directory per input hash, so in principle quote with different report data can proceed independently.

In practice we know that quote generation is mostly serialized by the QGS, and on GCP our benchmarks indicate it is totally serialized, so this should not slow things down.

Timeouts

tdx-attest’s wait_for_generation_change loops without a timeout after writing inblob. If configfs accepts the write but for some reason the generation never changes, it can hang. Since configfs-tsm may also block during read_to_end (depending on kernel behavior), i don't consider this an issue for this PR. But we could consider putting a timeout around the call to get_quote.

TODO

• Test on a GCP deployment - do not merge until this box is checked.