Re-structure SGX-LKL options with respect to attestation

[davidchisnall]

We need to clean up the configuration options of SGX-LKL:

1. We should go over the options supported by sgx-lkl-run and remove ones that are no longer necessary.

2. The remaining ones should be divided into three groups:

   a. Debug options, which are only available in the DEBUG build of SGX-LKL.

   b. Host options, which only impact the operation of the launcher but otherwise have no correctness implications for the enclave.

   c. Enclave options, which impact the behaviour of the enclave and therefore their values must be included in the attestation. Only the parameters in this category are exposed in the attestation

3. In addition, we need to support JSON configuration files for (i) the host configuration options (a+b) and enclave app_config (c). In RELEASE mode, the enclave app_config is the only permitted way to set enclave options (c).

@letmaik @wintersteiger does this capture it?

[jxyang]

We should have clear documentations for things we put inside app config, with indications of which ones are in the dynamic attestation report.

[wintersteiger]

Yes, that's why we're doing this. It has to be absolutely clear what's attested and checked, and what's just copied over from/to the host.