fix: use async AMD SNP KDS fetch #750

Merged
kvinwang merged 1 commit into master from fix/snp-kds-fetch-runtime, Jun 30, 2026

kvinwang (Collaborator) commented Jun 30, 2026

Fixes #746.

This removes reqwest::blocking from the AMD SEV-SNP KDS fallback path and uses async reqwest::Client instead, so async attestation verification no longer creates/drops a nested Tokio runtime in an async context.

Changes:

  • add AmdKdsClient, which owns the async HTTP client and bounded moka CA/VCEK collateral caches
  • update async attestation verification paths to use a caller-owned KDS client when available
  • make dstack-verifier keep one AMD KDS client instance per verifier instance, instead of using global cache state
  • keep the existing sync/free verifier APIs compatible via compatibility wrappers
  • set KDS connect timeout to 30 seconds and request timeout to 2 minutes

Validation:

  • cargo fmt --check --all
  • cargo check -p sev-snp-qvl -p dstack-attest -p dstack-verifier
  • cargo clippy -p sev-snp-qvl -p dstack-attest -p dstack-verifier -- -D warnings -D clippy::expect_used -D clippy::unwrap_used --allow unused_variables
  • cargo test -p sev-snp-qvl
  • cargo test -p dstack-attest --test sev_snp_verify
  • cargo test -p dstack-verifier
  • live SNP attestation with empty cert chain reaches quote_verified=true via KDS fallback without the Tokio runtime panic from "Harden AMD SEV-SNP KDS collateral fetch (async client, timeouts, caching)" #746

Copilot AI review requested due to automatic review settings June 30, 2026 10:05

Copilot AI (Contributor) left a comment

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@kvinwang kvinwang force-pushed the fix/snp-kds-fetch-runtime branch 2 times, most recently from 2c0f1db to 6c6779b Compare June 30, 2026 10:22
@kvinwang kvinwang force-pushed the fix/snp-kds-fetch-runtime branch from 6c6779b to 84eda4f Compare June 30, 2026 10:38
@kvinwang kvinwang merged commit 08c78dc into master Jun 30, 2026
15 checks passed