We currently parse the attestation then check the signature, and we should do this the other way round:

- First validate the signature on the attestation against _all_ of the roots of trust.
- Then parse it and ensure that the validated root of trust matches the attestation's claimed one.
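
The verify-then-parse order described above, as an added Go example that is not this project's code. It assumes Ed25519 roots keyed by a hypothetical ID, a detached signature over the raw attestation bytes, and a hypothetical JSON payload whose `RootID` field names the claimed root.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Attestation is a hypothetical payload; RootID is the root it claims.
type Attestation struct{ RootID, Claim string }

var ErrNoRoot = errors.New("signature matches no root of trust")
var ErrMismatch = errors.New("validated root differs from claimed root")

// VerifyThenParse checks sig against every root first; parsing happens only after that.
func VerifyThenParse(roots map[string]ed25519.PublicKey, raw, sig []byte) (*Attestation, error) {
	validated := ""
	for id, pub := range roots {
		if ed25519.Verify(pub, raw, sig) {
			validated = id
		}
	}
	if validated == "" {
		return nil, ErrNoRoot // unauthenticated bytes never reach the parser
	}
	var att Attestation
	if err := json.Unmarshal(raw, &att); err != nil {
		return nil, err
	}
	if att.RootID != validated {
		return nil, ErrMismatch
	}
	return &att, nil
}

// Demo uses two constructed roots, "A" and "B", and a payload claiming root "A".
func Demo() (okErr, mismatchErr, tamperErr error) {
	pubA, privA, _ := ed25519.GenerateKey(nil)
	pubB, privB, _ := ed25519.GenerateKey(nil)
	roots := map[string]ed25519.PublicKey{"A": pubA, "B": pubB}
	raw := []byte(`{"RootID":"A","Claim":"boot-ok"}`)
	_, okErr = VerifyThenParse(roots, raw, ed25519.Sign(privA, raw))
	_, mismatchErr = VerifyThenParse(roots, raw, ed25519.Sign(privB, raw))
	_, tamperErr = VerifyThenParse(roots, []byte(`{"RootID":"B"}`), ed25519.Sign(privA, raw))
	return
}

func main() { fmt.Println(Demo()) }
```

The second case is the one the final check exists for: the signature is valid under a trusted root, but not the root the attestation claims.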