Once #1015 is addressed, we will have a guarantee that the secret signing and encryption keys are generated inside the trust domain and not accessible outside it, as the associated public keys are used as input data for the signed quote.
Since these keys are used for authenticating the TS server, both in protocol sessions and for signing extrinsics, we can be sure that the TS server is running in the trusted domain whenever they authenticate, without them needing to do additional attestations.
So the question is whether we gain anything in terms of security by doing subsequent attestations later.
We have agreed we will do an attestation when a validator initially joins, and again if they change their TS account ID or endpoint.
But the discussion here is whether to also do one at other times.
Specifically in discussion is whether it makes sense to do it at the point a validator joins the signer set by participating in a reshare or the jumpstart DKG. My personal opinion is that we should do it then, as this will not affect performance from the user's perspective - users can continue to sign messages regardless of how long the reshare protocol takes.
Related to #982
See also discussion in #1109