Commit 88a8de9
feat: DSSE signing extension
feat: Add DSSE-based cryptographic signing for CloudEvents verification

Implements verifiable CloudEvents using DSSE (Dead Simple Signing
Envelope) to ensure event authenticity and integrity across untrusted
transport layers.

Key features:
- Sign CloudEvents with DSSE v1.0.2 protocol using SHA256 digests
- Transport verification material in 'dssematerial' extension attribute
- Support for binary, structured, and batch CloudEvent modes
- Backward compatible - unsigned events still work, consumers can ignore
  signatures (but highly inadvisable)

Technical approach:
- Creates SHA256 digest chain of all context attributes and event data
- Wraps digest in DSSE envelope with Base64 encoding
- Verifies by recomputing digests and comparing against signed payload
- Returns only verified data to consumers (strips unverified extensions)

This enables cryptographic proof that events:
1. Were produced by the claimed source (authenticity)
2. Were not modified in transit (integrity)

Does NOT address: event ordering, completeness, replay attacks, or
confidentiality

Signed-off-by: xibz <bjp@apple.com>

1 parent eeca63e commit 88a8de9
5 files changed, +443 -0 lines changed
File tree: cloudevents/extensions
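
The sign and verify flow from the "Technical approach" list in the commit message, as an added Python example that is not code from this commit or from the CloudEvents project. Assumptions: the payload is a JSON map of per-attribute SHA-256 digests, the `PAYLOAD_TYPE` string, the Base64-encoded JSON envelope inside `dssematerial`, and the function names are all hypothetical, and HMAC-SHA256 stands in for the signature scheme. Only the DSSE v1 pre-authentication encoding and envelope field names follow the DSSE specification.

```python
import base64, hashlib, hmac, json

PAYLOAD_TYPE = "application/vnd.example.cloudevent-digests+json"  # assumed value

def _sha(b: bytes) -> str:
    return hashlib.sha256(b).hexdigest()

def pae(payload_type: str, payload: bytes) -> bytes:
    # DSSE v1 pre-authentication encoding: these bytes, not the raw payload, are signed.
    t = payload_type.encode()
    return b"DSSEv1 %d %b %d %b" % (len(t), t, len(payload), payload)

def _mac(key: bytes, payload: bytes) -> bytes:
    # HMAC-SHA256 stands in for the real signature scheme (assumption of this example).
    return hmac.new(key, pae(PAYLOAD_TYPE, payload), hashlib.sha256).digest()

def sign_event(attrs: dict, data: bytes, key: bytes, keyid: str) -> dict:
    covered = {k: str(v) for k, v in attrs.items() if k != "dssematerial"}
    digests = {"attrs": {k: _sha(v.encode()) for k, v in covered.items()}, "data": _sha(data)}
    payload = json.dumps(digests, sort_keys=True).encode()
    env = {"payload": base64.b64encode(payload).decode(), "payloadType": PAYLOAD_TYPE,
           "signatures": [{"keyid": keyid, "sig": base64.b64encode(_mac(key, payload)).decode()}]}
    return {**covered, "dssematerial": base64.b64encode(json.dumps(env).encode()).decode()}

def verify_event(attrs: dict, data: bytes, key: bytes) -> dict:
    """Return only the attributes covered by a valid signature; raise ValueError otherwise."""
    try:
        env = json.loads(base64.b64decode(attrs["dssematerial"]))
        payload = base64.b64decode(env["payload"])
        sigs = [base64.b64decode(s["sig"]) for s in env["signatures"]]
        if env["payloadType"] != PAYLOAD_TYPE:
            raise ValueError("unexpected payloadType")
        # The signature is checked before the payload it protects is parsed.
        if not any(hmac.compare_digest(_mac(key, payload), s) for s in sigs):
            raise ValueError("signature mismatch")
        signed = json.loads(payload)
        if not hmac.compare_digest(signed["data"], _sha(data)):
            raise ValueError("data digest mismatch")
        verified = {}
        for name, digest in signed["attrs"].items():
            if name not in attrs or not hmac.compare_digest(digest, _sha(str(attrs[name]).encode())):
                raise ValueError("attribute digest mismatch: " + name)
            verified[name] = attrs[name]
        return verified  # unsigned extensions and dssematerial itself are dropped
    except (KeyError, TypeError, AttributeError) as e:
        raise ValueError("missing or malformed dssematerial") from e
```

Because the event carries no nonce or timestamp check, a captured signed event verifies again unchanged, which matches the commit message's statement that replay is out of scope.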