Most of the code here is for the loader only.
It is basically a simple standalone implementation
of Verified Exec for the loader.
The srcs listed in Makefile.libsa.inc are only
used by the loader (or the tests/ application).
local.trust.mk is provided as an example
it needs to be tweaked for local environment.
Its job is to populate the trust anchors that get embedded into vets.c
and opgp_key.c (if OPENPGP support is enabled).
Right now it enables sha1 simply to facilitate testing with a Junos VM
which has sha1 fingerprints in its manifests.
That will be removed before commit.
All the hashes and signature algorithms to be supported are
configurable via local.trust.mk