- tkeyclient instead of old tk1
- tkeysign instead of tk1sign

Digests as strings

Use NewFirmwares() and the methods on the object returned from that.

Remove use of devPath in most functions and instead open a TKey
connection and re-use that during the operations.

First stab at updating documentation for the refacotoring

- Remove install targets. To Linux and dist specific.
- Remove appbins-from-tags: We include the app binaries instead.
- Remove show-pubkey: We move it inside tkey-verification.
- Build static binary of client app, make it reproducible.
- Add a podman target.
- Add check-digest target to check device app digests.
- Run Go lint tools and expect the tools to be already installed.

- Split remoteSign() into several functions
- As an effect, introduce new command sign-challenge to only do the
  signing of the challenge part of the remote-sign flow.
- loadRemoteSignConfig() now returns Server instead of Config, setting
  up a TLS config in there.
- Skip passing checkConfigOnly to remoteSign(). Handle in main.go.
- Turn many exits to return errors.

The show-pubkey command outputs the vendor signing pubkey, the app
tag, and app hash digest to stdout. The output is in the format used
for a line in the vendor-signing-pubkey.txt file, and used to embed
another vendor signing key.

The command takes takes an argument with the path to the devie app
using --app path/to/app.bin

- Use gon for signing.
- Skip test for homebrew formula for now.

- Tkeyclient does not support building static binaries for Darwin, it
  requires CGO to enable enumeration of connected serial devices. In the
  short term we enable CGO for Darwin before we can find another
  reliable solution. See issue #13.

It contains a lock and should be passed by reference instead of by
value.

We haven't decided on the use of depguard gci, or gufumpt yet.

- Verisigner is deprecated for the use of tkey-device-signer, hence it
  is removed in this repo - but still buildable if checking out a
  verisigner tag.
- The binaries are not included in the repo.
- Remove the builds scripts associated with verisigner.
- Changes to readme to reflect.

Instead of initializing all of:

- vendor keys
- app binaries
- known firmwares

at start regardless of what command is given on the command line, we
do only the initialization we need for the specific command given.

This also means we can't report what exactly everything is built with
without initializing so we introduce a new function
util.go:builtWith() which does this for us.

- We move the error handling to their own file.
- Expand the constant error list with the UDI errors.
- Complex errors get their own type.

- Remove man page in mdoc in system/
- Add scdoc file in doc/.
- Add make target to generate manual page from scdoc.