Consider OpenSSL for signature generation and verification.

[priteshbandi]

• We are using homegrown/custom implementation of pkcs7 for timestamp signature, should we consider using openssl?
• OpenSSl is FIPS compliant so we can offload crypto operations to openssl

[shizhMSFT]

If we use openssl, then the notation-go-lib will not be a pure Go library and will be platform specific.