
Key manager should use per-runtime quote policy

Open · kostko opened this issue 4 months ago · 1 comment

Currently the key manager runtime takes its own quote policy into account for all incoming EnclaveRPC connections. It should instead support using per-runtime quote policies in order to allow independent policies (e.g. maybe a stricter quote policy for the key manager runtime itself, and a more relaxed quote policy for runtimes).

kostko, Sep 05 '25 05:09

Currently the key manager runtime takes its own quote policy into account for all incoming EnclaveRPC connections. It should instead support using per-runtime quote policies in order to allow independent policies...

Initially, I thought that if the key manager serves a secret for a runtime A, then all it cares about during EnclaveRPC is that the client (e.g. a compute node) provides an attestation that passes the SGX constraints defined in the consensus for runtime A. This should be safe, as secrets are derived per-runtime; moreover, runtimes should have the freedom (and responsibility) to set suitable trust.

Looking at the motivation in #6387:

This would allow a more relaxed general policy but stricter requirements for nodes that can access the key manager (e.g. compute/observer nodes).

Would it make sense to have it implemented this way? In fact when I started working on https://github.com/oasisprotocol/oasis-core/pull/6410, this was my initial idea/understanding.

martintomazic, Dec 16 '25 12:12
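The policy selection the two comments argue about, written out as a constructed model added here. This is not oasis-core's code: the `RuntimeId` and `Measurement` stand-ins, the `QuotePolicy`, `ClientQuote` and `KeyManager` types, the `TcbStatus` levels and the sample measurements are all assumptions made for the example. It shows a key manager that looks up the quote policy of the runtime an EnclaveRPC client acts for, so a compute node can be admitted under that runtime's relaxed policy while the key manager's own policy stays strict, and it fails closed by applying the key manager's own policy to a runtime that has no registered policy.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// Constructed stand-in for a runtime identifier (not oasis-core's type).
pub type RuntimeId = [u8; 4];
/// Constructed stand-in for an enclave measurement.
pub type Measurement = [u8; 32];

/// Platform TCB status carried by a verified quote, best first; the derived
/// `Ord` makes later variants compare as "worse".
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum TcbStatus {
    UpToDate,
    SwHardeningNeeded,
    OutOfDate,
}

/// Simplified quote policy: trusted enclave identities plus the worst TCB
/// status still accepted.
#[derive(Clone, Debug)]
pub struct QuotePolicy {
    /// Accepted (MRENCLAVE, MRSIGNER) pairs; an empty set trusts nobody.
    pub allowed_identities: BTreeSet<(Measurement, Measurement)>,
    pub max_tcb_status: TcbStatus,
}

/// Fields of an already signature-verified client quote that the policy
/// check consumes (quote verification itself is out of scope here).
#[derive(Clone, Debug)]
pub struct ClientQuote {
    pub mr_enclave: Measurement,
    pub mr_signer: Measurement,
    pub tcb_status: TcbStatus,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Rejection {
    UnknownIdentity,
    TcbTooLow,
}

/// Key manager holding its own policy plus one policy per served runtime.
pub struct KeyManager {
    own_policy: QuotePolicy,
    runtime_policies: BTreeMap<RuntimeId, QuotePolicy>,
}

impl KeyManager {
    pub fn new(own_policy: QuotePolicy) -> Self {
        Self { own_policy, runtime_policies: BTreeMap::new() }
    }

    /// Register the policy that governs EnclaveRPC clients of `runtime`.
    pub fn set_runtime_policy(&mut self, runtime: RuntimeId, policy: QuotePolicy) {
        self.runtime_policies.insert(runtime, policy);
    }

    /// A runtime without a registered policy falls back to the key manager's
    /// own (stricter) policy instead of being waved through: fail closed.
    fn policy_for(&self, runtime: &RuntimeId) -> &QuotePolicy {
        self.runtime_policies.get(runtime).unwrap_or(&self.own_policy)
    }

    /// Decide whether a client quote may open an EnclaveRPC session on behalf
    /// of `runtime`. Identity is checked before TCB so the reason is precise.
    pub fn authorize(&self, runtime: &RuntimeId, quote: &ClientQuote) -> Result<(), Rejection> {
        let policy = self.policy_for(runtime);
        if !policy.allowed_identities.contains(&(quote.mr_enclave, quote.mr_signer)) {
            return Err(Rejection::UnknownIdentity);
        }
        if quote.tcb_status > policy.max_tcb_status {
            return Err(Rejection::TcbTooLow);
        }
        Ok(())
    }
}

/// Constructed scenario: a compute-node enclave of runtime A presents a quote
/// from a platform whose TCB needs software hardening. Returns the decision
/// under (a) the per-runtime policy and (b) the key manager's own policy only.
pub fn demo() -> (Result<(), Rejection>, Result<(), Rejection>) {
    let km_identity: (Measurement, Measurement) = ([0xBB; 32], [0x11; 32]);
    let compute_identity: (Measurement, Measurement) = ([0xAA; 32], [0x11; 32]);
    let runtime_a: RuntimeId = [0, 0, 0, 1];

    // Strict: only the key manager's own enclave on fully patched platforms.
    let strict = QuotePolicy {
        allowed_identities: BTreeSet::from([km_identity]),
        max_tcb_status: TcbStatus::UpToDate,
    };
    // Runtime A's more relaxed policy for its own compute nodes.
    let relaxed = QuotePolicy {
        allowed_identities: BTreeSet::from([compute_identity]),
        max_tcb_status: TcbStatus::SwHardeningNeeded,
    };
    let quote = ClientQuote {
        mr_enclave: compute_identity.0,
        mr_signer: compute_identity.1,
        tcb_status: TcbStatus::SwHardeningNeeded,
    };

    let mut per_runtime = KeyManager::new(strict.clone());
    per_runtime.set_runtime_policy(runtime_a, relaxed);
    let global_only = KeyManager::new(strict);

    (per_runtime.authorize(&runtime_a, &quote), global_only.authorize(&runtime_a, &quote))
}

fn main() {
    let (per_runtime, global_only) = demo();
    println!("per-runtime policy: {:?}", per_runtime);
    println!("key manager policy only: {:?}", global_only);
}
```

The fallback in `policy_for` is the design choice worth noting: if the per-runtime policy is the only thing that admits a client, then a runtime whose policy was never registered (or not yet fetched from consensus) must not silently accept anything, so the model applies the key manager's own policy there.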