Vote and Cert validation

[lukaszrzasik]

Closes #3520

This PR:

This PR tries to improve a vote and a certificate validation. The existing problem is that both a view and a certificate include a view number. These view numbers are not signed in any way and can be easily spoofed by a malicious actor, e.g. a valid certificate can be received by a malicious leader which can then re-send the received certificate with changed view numbers. These will be accepted as valid certificates by the other nodes and can wreck havoc on the consensus.

The approach taken by this PR is following:

Changes in the Vote trait: The Vote trait is now Committable on its own (not only its data). Explained below for SimpleVote. create_signed_vote is now a trait associated function.

Changes to SimpleVote: vote_commitment calculates the commitment for the whole vote (data + view number). There's a new private associated function called commit which calculates the commit based on the data and the view number. This method is used in create_signed_vote and in the commit method.

Changes to SimpleCertificate: The vote_commitment field is now private and should not be used in any way. There is a new associated function which created a certificate. vote_commitment method calculates and returns the vote's commitment instead of returning the stored the commitment. This means the commitment is calculated from the data and the view number. is_valid_cert now correctly checks the received signature against the locally calculated commitment which includes the vote's data and the view number.

This PR does not:

Key places to review:

The crucial parts are in: is_valid_cert method and vote_commitment method of the SimpleCertificate.