Changes many fields to required -- as far as we were able to figure out,
signing would fail if these fields aren't provided anyway, so this
should not pose a compatibility problem.
Co-authored-by: matejcik <ja@matejcik.cz>
On a cleanly wiped device, storage must be unlocked in order to create
and retrieve the serial number. However, storage unlocking happens in
boot.py, which is imported _after_ usb.py
We must therefore sidestep asking for the serial number.
This is to avoid including app-specific functionality in storage and
avoid circular imports. The following policy is now in effect: modules
from `storage` namespace must not import from `apps` namespace.
In most files, the change only involves changing import paths.
A minor refactor was needed in case of webauthn: basic get/set/delete
functionality was left in storage.webauthn, and more advanced logic on
top of it was moved to apps.webauthn.resident_credentials.
A significant refactor was needed for sd_salt, where application (and
UI) logic was tightly coupled with the IO code. This is now separated,
and storage.sd_salt deals exclusively with the IO side, while the app/UI
logic is implemented on top of it in apps.common.sd_salt and
apps.management.sd_protect.
