Clarify how to verify SGX evidence without an Intel SGX-enabled platform (#3158)

This PR encompasses two complementing purposes:

A documentation on verifying an Intel SGX evidence as produced by WAMR,
including a guide for verification without an Intel SGX-enabled platform.
This also contains a small addition to the RA sample to extract specific
information, such as whether the enclave is running in debug mode.

A C# sample to verify evidence on trusted premises (and without Intel SGX).
Evidence is generated on untrusted environments, using Intel SGX.

core/iwasm/libraries/lib-rats/lib_rats_common.h

@@ -15,6 +15,22 @@
 extern "C" {
 #endif
 
+/* Enclave Flags Bit Masks */
+/* If set, then the enclave is initialized */
+#define SGX_FLAGS_INITTED 0x001ULL
+/* If set, then the enclave is debug */
+#define SGX_FLAGS_DEBUG 0x002ULL
+/* If set, then the enclave is 64 bit */
+#define SGX_FLAGS_MODE64BIT 0x004ULL
+/* If set, then the enclave has access to provision key */
+#define SGX_FLAGS_PROVISION_KEY 0x010ULL
+/* If set, then the enclave has access to EINITTOKEN key */
+#define SGX_FLAGS_EINITTOKEN_KEY 0x020ULL
+/* If set, then the enclave uses KSS */
+#define SGX_FLAGS_KSS 0x080ULL
+/* If set, then the enclave enables AEX Notify */
+#define SGX_FLAGS_AEX_NOTIFY 0x400ULL
+
 #define SGX_QUOTE_MAX_SIZE 8192
 #define SGX_USER_DATA_SIZE 64
 #define SGX_MEASUREMENT_SIZE 32