Trusted cert cache and verify callbacks #353

Draft
bigbrett wants to merge 4 commits into wolfSSL:main from bigbrett:trusted-cert-cache

@bigbrett bigbrett commented May 5, 2026

Introduces two new features:

  1. Adds a "Trusted cert cache" maintained by the server for each client that "remembers" certificates (intermediate and leaf) after they are verified as trusted in a cert chain verification operation (based on the SHA256 over the cert). Any time the cert is subsequently encountered in a chain verification operation, the public key verification is short-circuited, and the cert is automatically registered as trusted. This feature exists to enhance performance in scenarios where the same cert chain is expected to be encountered multiple times (think wolfBoot cert chain auth for a time-critical boot).
  2. Adds the ability for the user to inject a verify callback into the certificate manager for cert chain verification. This allows the chain verification to be further extended or overridden by the user (domain name/SAN validation, etc.). Note that callbacks will NOT be invoked on cached/trusted certs, as this short circuits the entire verification process for that cert.
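
The interaction between the two features described above, as an added sketch that is not code from this PR or from wolfHSM: a per-client cache of SHA-256 digests that short-circuits verification, and a user callback that is skipped on a cache hit. All names (`cert_cache`, `verify_cert`, `verify_cb`, `policy_cb`), the cache size and the eviction scheme are assumptions; the digest is taken as already computed and `sig_ok` stands in for the public key check.

```c
#include <stdint.h>
#include <string.h>
#define DIGEST_LEN  32   /* SHA-256 output size */
#define CACHE_SLOTS 4    /* assumed capacity, not taken from the PR */

typedef struct {                       /* one instance per client */
    uint8_t digest[CACHE_SLOTS][DIGEST_LEN];
    int     used[CACHE_SLOTS];
    int     next;                      /* round-robin eviction index */
} cert_cache;

/* Hypothetical user hook: gets the signature result, returns 1 to accept. */
typedef int (*verify_cb)(int sig_ok, const uint8_t *digest, void *ctx);

int cache_has(const cert_cache *c, const uint8_t *d) {
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (c->used[i] && memcmp(c->digest[i], d, DIGEST_LEN) == 0)
            return 1;
    return 0;
}

/* sig_ok stands in for the public key check on this cert (assumption). */
int verify_cert(cert_cache *c, const uint8_t *d, int sig_ok,
                verify_cb cb, void *ctx) {
    if (cache_has(c, d)) return 1;     /* short circuit: cb is not called */
    int ok = cb ? cb(sig_ok, d, ctx) : sig_ok;
    if (ok) {                          /* remember only accepted certs */
        memcpy(c->digest[c->next], d, DIGEST_LEN);
        c->used[c->next] = 1;
        c->next = (c->next + 1) % CACHE_SLOTS;
    }
    return ok;
}

typedef struct { int calls; int deny; } policy;   /* constructed policy state */
int policy_cb(int sig_ok, const uint8_t *d, void *ctx) {
    policy *p = ctx; (void)d;
    p->calls++;
    return sig_ok && !p->deny;
}

/* Accept cert A, tighten the policy, verify A again; reports callback calls. */
int reverify_after_policy_change(int *cb_calls) {
    static const uint8_t cert_a[DIGEST_LEN] = {0xA1};  /* constructed digest */
    cert_cache cache = {0};
    policy p = {0, 0};
    verify_cert(&cache, cert_a, 1, policy_cb, &p);     /* cb runs, A is cached */
    p.deny = 1;                                        /* policy now rejects */
    int r = verify_cert(&cache, cert_a, 1, policy_cb, &p);
    *cb_calls = p.calls;
    return r;
}
```

In this sketch the second verification still returns trusted and the callback count stays at one, so any check that lives only in the callback is not re-evaluated for a cached cert until its entry leaves the cache.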

Copilot AI review requested due to automatic review settings May 5, 2026 16:51

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Copilot AI left a comment

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.

Comment thread src/wh_server_cert.c
Comment thread src/wh_server_cert.c Outdated
Comment thread wolfhsm/wh_server_cert_cache.h Outdated
Comment thread src/wh_server_cert.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Fenrir Automated Review — PR #353

Scan targets checked: wolfhsm-core-bugs, wolfhsm-src

Findings: 3
3 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread src/wh_server_cert.c Outdated
Comment thread src/wh_server_cert.c
Comment thread src/wh_server_cert.c
Comment thread src/wh_server_cert.c Outdated
Comment thread src/wh_server_cert.c
Comment thread src/wh_server_cert.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Fenrir Automated Review — PR #353

Scan targets checked: wolfhsm-core-bugs, wolfhsm-src

No new issues found in the changed files. ✅
