pvmfw: Validate input BCC handover

Ensure that the BCC contained in the configuration data is properly
formatted as a "BCC Handover" [1] i.e. a CBOR-encoded map

    BccHandover = {
      1 : bstr .size 32,     ; CDI_Attest
      2 : bstr .size 32,     ; CDI_Seal
      3 : Bcc,               ; Certificate chain
    }

If not, abort the pVM boot.

[1]: https://pigweed.googlesource.com/open-dice/+/72ad792c4d9ffffef3412801b5da46568a6b3197/src/android/bcc.c#260

Bug: 256827715
Test: atest MicrodroidHostTests
Change-Id: Ibade0ebd1e50d912a59b32c1282022aa46235501
diff --git a/pvmfw/src/main.rs b/pvmfw/src/main.rs
index e6a158d..07cbd0c 100644
--- a/pvmfw/src/main.rs
+++ b/pvmfw/src/main.rs
@@ -39,14 +39,15 @@
 };
 use avb::PUBLIC_KEY;
 use avb_nostd::verify_image;
+use dice::bcc;
 use libfdt::Fdt;
-use log::{debug, error, info};
+use log::{debug, error, info, trace};
 
 fn main(
     fdt: &Fdt,
     signed_kernel: &[u8],
     ramdisk: Option<&[u8]>,
-    bcc: &[u8],
+    bcc: &bcc::Handover,
     memory: &mut MemoryTracker,
 ) -> Result<(), RebootReason> {
     info!("pVM firmware");
@@ -57,7 +58,7 @@
     } else {
         debug!("Ramdisk: None");
     }
-    debug!("BCC: {:?} ({:#x} bytes)", bcc.as_ptr(), bcc.len());
+    trace!("BCC: {bcc:x?}");
 
     // Set up PCI bus for VirtIO devices.
     let pci_node = pci_node(fdt)?;