Implement CSCA Trust Anchor Management

[Hermann-Core]

Implement the mechanism for securely managing CSCA trust anchors used to verify the certificate chain of eID documents.

Tasks

• Design and implement a persistent trust store for CSCA certificates
• Periodically refresh trust anchors from TR-03129 PKI interfaces
• Support atomic replacement or reloading of the trust store
• Provide logging and metrics for trust store updates
• Add caching and rollback protection

Reference

• TR-03130 Part 1, §2.4.1