Signed container, some kind of analogue to ASN.1-based CMS SignedData.
=> https://datatracker.ietf.org/doc/html/rfc5652 CMS

* Ability to embed the data in the signed container
* Ability to create detached signature
* Ability to use non-prehashed signature of the embedded data, potentially
  gaining more security
* Prehashed format is streaming friendly
* You can use [cm/hashed/Merkle] hashing mode to parallelise calculations
* Ability to attach arbitrary additional data
* Ability to store multiple signatures

Stored in a file, it should begin with "cm/signed" [encoding/MAGIC],
unless it is a [cm/pub/]lic key.

[schemas/av.tcl] [schemas/fpr.tcl] [schemas/signed.tcl]

Signature is created by signing the:

    [detached-data] || /load || sig-tbs

If no "/load/v" is provided, then the data is detached from the
"cm/signed" structure itself and it is fed into hasher before that
structure. You can provide it any way you wish, but for keeping that
detached data closely to the "cm/signed", you should use the
following approach:

    cm/signed/prehash || BLOB(detached-data) || cm/signed

[schemas/signed-prehash.tcl]

With "cm/signed/prehash" you initialise your hashers used during signing
process and feed BLOB's contents (not the encoded BLOB itself!) into the them.

"/sigs/*/tbs/when" is optional signing time.

Additional values that must be protected (covered by signature) are
placed in "/sigs/*/tbs" map. Non-protected (informational) fields
are placed outside it.

"/pubs" are optionally provided [cm/pub/]lic keys to help creating the
whole verification chain. They are placed outside "/sigs", because some
of them may be shared among signers.

If signed data is also intended to be [cm/encrypted/], then
"/sigs/*/tbs/encrypted-to" should be set to corresponding recipient's
public key fingerprint(s).

do-backs