[attestation-service] Unify Verification Logic Between SNP and SNP-vTPM Paths #62

@csegarragonz

Description

Right now, the SNP (bare-metal) verification logic relies on the snpguest crate, which pins to a given version of sev. The SNP-vTPM verification logic relies on the az-snp-vtpm crate, which pins to its own version of the sev crate. This version mismatch makes it hard to re-use code across both modules. To work around this issue we define an AmdKdsReport trait, but we still have two co-existing versions of the sev crate pinned to a different tag.

We also use snpguest and az-snp-vtpm rather lightly. In the future we should consider relying only on the low-level sev crate and improve the code re-use across both.
