Introduce T_COSE_OPT_ENABLE_NON_AEAD

[kentakayama]

This PR mitigates AEAD to non-AEAD downgrade attacks by warning the library uses to comply with RFC 9459.
Non AEAD algorithms are disabled by default, and will be enabled only when the T_COSE_OPT_ENABLE_NON_AEAD option is specified by the library caller.

The library callers using AES-CTR or AES-CBC will lose the backward compatibility, but it is crucial avoiding them to be vulnerable.
For example, they must be updated from

t_cose_encrypt_dec_init(&dec_context,
                         T_COSE_OPT_MESSAGE_TYPE_ENCRYPT0);

to

/**
 * NOTE: The library caller MUST validate the authentication and integrity of data by itself outside t_cose library
 * because the COSE message doesn't provide them with non-AEAD content encryption algorithms.
 * See security considerations of RFC 9459.
 */
validate_authentication_and_integrity(cose_message_buf, digital_signature);

t_cose_encrypt_dec_init(&dec_context,
                         T_COSE_OPT_MESSAGE_TYPE_ENCRYPT0 | T_COSE_OPT_ENABLE_NON_AEAD);

[laurencelundblade]

I'm going to hold on this for a few days to see the outcome of the errata proposal separately in email.

Thanks! Really appreciate the contribution

[laurencelundblade]

Really appreciate the PR and like the design (and test coverage!)

Would like to add a specific error code (error codes cost nothing) to help the caller figure out better what went wrong and to find the solution.

Also, some wording changes. Maybe discuss in email instead of here.

Thx!

[kentakayama]

I've reflected all your comments. Please check the updated files.