attestation: add SNP-based attestation for aws-sev-snp (#1916)

* config: move AMD root key to global constant
* attestation: add SNP based attestation for aws
* Always enable SNP, regardless of attestation type.
* Make AWSNitroTPM default again

There exists a bug in AWS SNP implementation where sometimes
a host might not be able to produce valid SNP reports.
Since we have to wait for AWS to fix this we are merging SNP
attestation as opt-in feature.

internal/config/config_doc.go

@@ -478,11 +478,11 @@ func init() {
 	AWSSEVSNPDoc.Fields[0].Note = ""
 	AWSSEVSNPDoc.Fields[0].Description = "Expected TPM measurements."
 	AWSSEVSNPDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
-	AWSSEVSNPDoc.Fields[1].Name = "launchMeasurement"
-	AWSSEVSNPDoc.Fields[1].Type = "Measurement"
+	AWSSEVSNPDoc.Fields[1].Name = "amdRootKey"
+	AWSSEVSNPDoc.Fields[1].Type = "Certificate"
 	AWSSEVSNPDoc.Fields[1].Note = ""
-	AWSSEVSNPDoc.Fields[1].Description = "Expected launch measurement in SNP report."
-	AWSSEVSNPDoc.Fields[1].Comments[encoder.LineComment] = "Expected launch measurement in SNP report."
+	AWSSEVSNPDoc.Fields[1].Description = "TODO (derpsteb): reenable launchMeasurement once we have a way to generate the expected value dynamically.\ndescription: |\n  Expected launch measurement in SNP report. Not in use right now.\nLaunchMeasurement measurements.Measurement `json:\"launchMeasurement\" yaml:\"launchMeasurement\" validate:\"required\"`\ndescription: |\n  AMD Root Key certificate used to verify the SEV-SNP certificate chain.\n"
+	AWSSEVSNPDoc.Fields[1].Comments[encoder.LineComment] = "TODO (derpsteb): reenable launchMeasurement once we have a way to generate the expected value dynamically."
 
 	AWSNitroTPMDoc.Type = "AWSNitroTPM"
 	AWSNitroTPMDoc.Comments[encoder.LineComment] = "AWSNitroTPM is the configuration for AWS Nitro TPM attestation."