feat: add X.509 certificate chain verification

feat: add element hash verification against MSO valueDigests

- Add trusted_root_certs parameter to verify() methods
- Verify DS certificate is signed by trusted IACA root
- Verify certificate validity dates
- Store verified root certificate in MsoVerifier.verified_root
- Backward compatible: skips validation if trusted_root_certs is None
- Add comprehensive documentation in docs/certificate_chain_verification.md
- Add verify_element_hashes() method to MsoVerifier
- Verify SHA-256 hash of each IssuerSignedItem against MSO
- Add verify_hashes parameter to verify() methods (default: True)
- Store verification results in MobileDocument.hash_verification
- Handle CBORTag objects properly when computing hashes
- Update documentation with hash verification details and examples

Author: FlavPMU