Add support for tarball contents signature

Currently only supported to allow optional image files in BMC tarball.
In order to ensure that the contents of the tarball are the expected
ones as a full package, an additional signature file has been created
for all the signature files in the tarball,
(ex: image-full.sig = hash(file1.sig + file2.sig + file3.sig...)).
Need to check the existence of the file and the signature verification
passed.

Also, added unit test case for the mergeFiles method.

Tested:
Enable `WANT_SIGNATURE_FULL_VERIFY` and ran the following command:

curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream"
-X POST -T obmc-phosphor-image-fp5280g2.static.mtd.tar

https://${bmc}/redfish/v1/UpdateService
{
  "@odata.id": "/redfish/v1/TaskService/Tasks/1",
  "@odata.type": "#Task.v1_4_3.Task",
  "Id": "1",
  "TaskState": "Running",
  "TaskStatus": "OK"
}

And Log output:
`Successfully completed Signature vaildation.`

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I0e658b9dd90ea405a9c8292f29183ab516a0fa31
diff --git a/meson.build b/meson.build
index c74a927..f06090e 100644
--- a/meson.build
+++ b/meson.build
@@ -54,6 +54,7 @@
 # Configurable features
 conf.set('HOST_BIOS_UPGRADE', get_option('host-bios-upgrade').enabled())
 conf.set('WANT_SIGNATURE_VERIFY', get_option('verify-signature').enabled())
+conf.set('WANT_SIGNATURE_FULL_VERIFY', get_option('verify-full-signature').enabled())
 
 # Configurable variables
 conf.set('ACTIVE_BMC_MAX_ALLOWED', get_option('active-bmc-max-allowed'))
@@ -172,6 +173,7 @@
 
 if get_option('verify-signature').enabled()
     image_updater_sources += files(
+        'utils.cpp',
         'image_verify.cpp',
         'openssl_alloc.cpp'
     )
@@ -246,6 +248,7 @@
 
     gtest = dependency('gtest', main: true, disabler: true, required: build_tests)
     include_srcs = declare_dependency(sources: [
+        'utils.cpp',
         'image_verify.cpp',
         'images.cpp',
         'version.cpp']