BearSSL is a tiny library suitable for embedded apps like loader.
It provides all the functionality needed to verify
RSA and ECDSA signatures using X.509 certificate chains.
Initially at least BearSSL needs to be checked out externally to the
FreeBSD tree, with the variable BEARSSL set to point to it.
Makefile.libsa.inc is included by stand/libsa and lists only the
sources needed by the loader.