Verify that the OpCert used for registration is the latest

[jpraynaud]

Issue

During signer registration, we use the KES Secret Key and the Operational Certificate to verify that the Mithril keys registered are associated to the correct SPO (i.e. owner of the associated Pool ID that is used to match stakes)

In order to avoid using a stale Operational Certificate (with an issue counter that is less than the latest counter used to register an Operational Certificate on the Cardano chain), we need to find a mechanism that enforces usage of the latest counter.

We could probably use the counters that are registered on the Cardano nodes and retrievable by the command from the Cardano cli: cardano-cli query protocol-state --mainnet | jq .oCertCounters.

However, we have identified a few difficulties with this approach:

• With the broadcast channel implemented to provide key registration (i.e. the Aggregator broadcasts the Signer registration): Signer registration is used 2 epochs after registration for signature, which means that we would probably need to trust the information (i.e. the counter value) sent by the signer at registration)
• The signer registration will be done on-chain in the future and smart contracts are probably not aware of the Operational Certificate counters, which might be a problem

[jpraynaud]

A possible solution is to have the signer and aggregator nodes:

• Keep track of the OpCert counter for each epoch
• Make sure that the same counter was used at registration epoch when they proceed to the computation of the Mithril stake distribution (AVK) which takes place few epoch later