Allow the policy to be read remotely and not only the hash.

[alexandref75]

In the current implementation the policy has to be provided OOB. Providing a way of reading the policy directly from Veracruz would obtaining all the information related to a execution inside Veracruz from that instance without requiring OOB information beyond the endpoint.

[dominic-mulligan-arm]

I think this is a straightforward change, though we would need to fix an encoding of the policy.