Fix C2SP compliance and simplify

[AlCutter]

This PR is a deeper fix to the C2SP tlog-witness compliance issues, which changes the internal witness API to better match.

Also removes the call to Update exposed via the local HTTP server.

TODO(al): Either in here, or in a follow-up, make Update just return the sig rather than the whole CP.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 42.30769% with 45 lines in your changes missing coverage. Please review.

Project coverage is 23.10%. Comparing base (3c58af4) to head (5b1b9d4).
Report is 154 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/feeder/bastion/bastion_feeder.go	50.00%	20 Missing and 1 partial ⚠️
internal/witness/witness.go	40.00%	17 Missing and 1 partial ⚠️
internal/feeder/feeder.go	0.00%	0 Missing and 2 partials ⚠️
omniwitness/omniwitness.go	0.00%	2 Missing ⚠️
cmd/feedbastion/main.go	0.00%	1 Missing ⚠️
internal/http/server.go	0.00%	1 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (3c58af4) and HEAD (5b1b9d4). Click for more details.

HEAD has 2 uploads less than BASE

Flag	BASE (3c58af4)	HEAD (5b1b9d4)
	4	2

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #325       +/-   ##
===========================================
- Coverage   51.05%   23.10%   -27.95%     
===========================================
  Files          11       25       +14     
  Lines         903     1878      +975     
===========================================
- Hits          461      434       -27     
- Misses        374     1366      +992     
- Partials       68       78       +10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mhutchinson]

Minor consistency nit: here you use len(x) > 0 but above you do x != "". Can we pick one style of empty checking?

[AlCutter]

Sadly not: body is a []byte, so we're stuck with len here, but for strings != "" is the more "idiomatic"/concise way.