refactor!: accept message content instead of digest for sign and verify

[shizhMSFT]

Resolves #100

Changes:

• Sign() in the Signer interface accepts message content instead of digest.
• Verify() in the Verifier interface accepts message content instead of digest.
• External algorithm registration is removed since signing and verification no longer require digest computation.
• Improved doc comments.
• Fixes tests.

[codecov]

Codecov Report

Merging #101 (aa2f81c) into main (66b4a5a) will increase coverage by 2.61%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #101      +/-   ##
==========================================
+ Coverage   89.48%   92.10%   +2.61%     
==========================================
  Files          10       10              
  Lines        1018      975      -43     
==========================================
- Hits          911      898      -13     
+ Misses         72       51      -21     
+ Partials       35       26       -9     

Impacted Files	Coverage Δ
signer.go	100.00% <ø> (ø)
verifier.go	100.00% <ø> (ø)
algorithm.go	100.00% <100.00%> (+3.44%)	⬆️
ecdsa.go	95.89% <100.00%> (+19.32%)	⬆️
ed25519.go	100.00% <100.00%> (ø)
rsa.go	100.00% <100.00%> (+25.00%)	⬆️
sign.go	88.93% <100.00%> (+1.03%)	⬆️
sign1.go	86.86% <100.00%> (+1.75%)	⬆️
headers.go	93.05% <0.00%> (+0.90%)	⬆️
... and 2 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[qmuntal]

If I'm not mistaken, one could previously register a custom algorithm and reuse the built-in signers. This PR removes this capability. Is this intentional?

[shizhMSFT]

If I'm not mistaken, one could previously register a custom algorithm and reuse the built-in signers. This PR removes this capability. Is this intentional?

Previously, we needed to register the external algorithm to access hash algorithms. Now, we don't need them since the digests are computed by the Signer and the Verifier.

External algorithm implementors can implement the Signer and Verifier interfaces and can be used by go-cose directly without any registration. Here's an example implementation.

[qmuntal]

If I'm not mistaken, one could previously register a custom algorithm and reuse the built-in signers. This PR removes this capability. Is this intentional?

Previously, we needed to register the external algorithm to access hash algorithms. Now, we don't need them since the digests are computed by the Signer and the Verifier.

External algorithm implementors can implement the Signer and Verifier interfaces and can be used by go-cose directly without any registration. Here's an example implementation.

You are right, I though a caller could instantiate a built-in signer with a custom algorithm, but it is not possible, so we are fine 😄 .

[qmuntal]

I was not fond of RegisterAlgorithm, so LGTM++!

[yogeshbdeshpande]

LGTM!

[SteveLasker]

LGTM