Ccf

- Add HMAC support to JS API. Call with `ccf.crypto.sign({"name": "HMAC", "hash": "SHA-256"}, key, data)`.
- Add `/node/ready/app` and `/node/ready/gov` endpoints for the use of load balancers wanting to check if a node is ready to accept application or governance transactions. See [Operator RPC API](https://microsoft.github.io/CCF/main/operations/operator_rpc_api.html) for details.
- SGX builds now use OpenSSL 3.1.1 inside the enclave by default (5481).
- JWT verifiers are now automatically cached, for increased performance (5575).
- `GET /api/metrics` now correctly returns templated endpoint paths (5539).
- Fix TLS bug that could cause TLS handshakes to fail (5482).

- Expose COSESign1 `content` for `user_cose_sign1` authenticated endpoints in JavaScript/TypeScript apps (5465).

- Updated Open Enclave to [0.19.3](https://github.com/openenclave/openenclave/releases/tag/v0.19.3).

- Debug logging is now available in non-SGX builds by default, and controlled by a run-time CLI argument (`--enclave-log-level`). On SGX this remains a build-time decision (5375).
- Supporting intermediate cert chain included in TLS handshake, where previously only server leaf certificate was present (5453).
- Added `getVersionOfPreviousWrite` to TypeScript `TypedKvMap` interface (5451).

- Added TypeScript interfaces `UserCOSESign1AuthnIdentity` and `MemberCOSESign1AuthnIdentity`, to be used with `user_cose_sign1` and `member_cose_sign1` authentication policies.

- User can now pass a `--config-timeout` option to `cchost` on startup. For example, a user wanting to start a `cchost` that may need to wait up 10 seconds for a valid config to appear under `/cfg/path` can invoke `./cchost --config-timeout 10s --config /path/cfg`.
- If a pid file path is configured, `cchost` will no longer start if a file is present at that path.