Local watcher for Signify passcode / key compromise detection and recovery

[kentbull]

Feature request description/rationale

Detection of key compromise of the Signify root seed / passcode is not possible without a local watcher. We need to implement the local watcher so that on startup a Signify controller can query it's agent's local watcher, get it's watcher's version of it's own KEL, and then verify whether key compromise has occurred or not.

And, this check should be running in the background in the Signify app on a regular basis.

The watcher could be run either locally or remotely depending on the architectural needs of a given implementation.