Multiple recoveries with key shares

[jumaffre]

Resolves item 6'' in #51.

Adds support for multiple recoveries when using key shares.

• We now store the (encrypted) msgpack-serialised ledger secrets in the KV (instead of the initial raw ledger secret). This means that CCF now stores the ledger secrets, along with the version at which they're applicable from.
• CCF now issues new shares after the recovery completes (in the same way that we seal all secrets).
• Some refactoring (especially in sharemanager.h).

We now have a recovery scheme using key shares that is equivalent to our existing scheme using sealing keys. It still suffers from the following limitations which will be addressed next:

• Shares are not updated when a new member is added/removed, not when the ledger is rekeyed.
• We are still not resilient to elections during recovery (as submitted shares are not yet stored in the KV).

[ghost]

multiple_recoveries_key_shares@6405 aka 20200325.17 vs master ewma over 30 builds from 6044 to 6402