fix: skip empty reference value IDs in TrustedServices.GetAttestation

Fixes veraison#42. When attestation schemes return empty reference value IDs,
the GetAttestation method now skips them before calling kvstore.Get()
to avoid 'the supplied key is empty' errors.

This commonly occurs when no software components are provisioned
in trust anchors, causing handlers to return []string{""} for
missing software reference IDs.

Signed-off-by: Kallal Mukherjee <[email protected]>

Author: kallal79

vts/trustedservices/trustedservices_grpc.go

@@ -442,6 +442,11 @@ func (o *GRPC) GetAttestation(
 
 	var multEndorsements []string
 	for _, refvalID := range appraisal.EvidenceContext.ReferenceIds {
+		// Skip empty reference IDs (can occur when no software components are provisioned)
+		if refvalID == "" {
+			o.logger.Debugw("skipping empty reference ID", "refvalID", refvalID)
+			continue
+		}
 
 		endorsements, err := o.EnStore.Get(refvalID)
 		if err != nil && !errors.Is(err, kvstore.ErrKeyNotFound) {