Verify pre-DR self-issued receipts

[maxtropets]

✅ Long Test passed

Yet another item of #7401.

Uses prefetched endorsements for previous identities to build a trusted key chain, and for each endorsed SeqNo return a corresponding service key.

Therefore, improved the self-signing receipt verification API to exercise the new functionality and support receipts from the past.

Other changes

• Extended some APIs to allow creating COSE verifiers and EC keys from std::spans
• Same for base64 API
• Made the testing COSE receipt endpoint no_auth
• Extended existing endorsement chain e2e testing (recovery) with targeted receipt fetching and verification

[Copilot]

Pull request overview

This PR implements verification of COSE receipts from previous service identities (pre-disaster recovery) by building a trusted key chain from endorsements. The key enhancement is the ability to verify historical receipts by resolving the appropriate service identity key for a given transaction sequence number through the endorsement chain.

Key changes:

• Builds and maintains a trusted key chain from COSE endorsements with integrity verification
• Extends receipt verification to support historical identities by looking up the appropriate service key for each transaction
• Adds span-based constructors to crypto APIs (EC public keys, COSE verifiers, base64) for improved flexibility

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
tests/recovery.py	Adds COSE receipt verification testing to recovery scenarios with retry logic for fetching and verifying receipts at specific transaction IDs
src/node/rpc/network_identity_subsystem.h	Implements trusted key chain building and lookup functionality, including get_trusted_identity_for() method to resolve service keys by sequence number
src/node/historical_queries_utils.cpp	Updates receipt verification to use trusted identity lookup based on transaction ID rather than only current service identity
src/crypto/openssl/public_key.h	Adds span-based constructor for PublicKey_OpenSSL
src/crypto/openssl/ec_public_key.cpp	Implements span-based factory function for EC public keys
src/crypto/openssl/cose_verifier.h	Declares span-based constructor for COSEKeyVerifier_OpenSSL
src/crypto/openssl/cose_verifier.cpp	Implements span-based constructor and factory for COSE verifiers
src/crypto/base64.cpp	Adds span-based overload for base64 encoding
samples/apps/logging/logging.cpp	Changes COSE receipt endpoint from authenticated to no_auth_required for public access
include/ccf/network_identity_interface.h	Adds get_trusted_identity_for() interface method for retrieving service keys by sequence number
include/ccf/historical_queries_utils.h	Updates documentation to reflect verification of both current and historical service identities
include/ccf/crypto/ec_public_key.h	Documents span-based EC public key factory function
include/ccf/crypto/cose_verifier.h	Declares span-based COSE verifier factory function
include/ccf/crypto/base64.h	Declares span-based base64 encoding function
doc/schemas/app_openapi.json	Removes security requirements from COSE receipt endpoint in OpenAPI schema

[Copilot]

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated 4 comments.