[accless] Validate SNP & SGX Report Measurements Against Reference Values

Right now we only check that the quote comes from a genuine enclave, and that the public key in the report data is the one included in the request. We should also check the literal measurement.

This is easy to do, but we will need to expose an infrastructure to provide reference values.