Require domain separation for SignerDecrypter signature payloads using the StandardCapabilityAccount

[vreff]

This ensures that users of the StandardCapabilityAccount account for the SignerDecrypter component domain separate their payloads using the recommended MakePeerIDSignatureDomainSeparatedPayload helper function from libocr.

Also, bumps libocr.

[github-actions]

✅ API Diff Results - No breaking changes

---

📄 View full apidiff report | 📚 Learn about apidiff

[github-actions]

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 2.

Benchmark suite	Current: 3d2884e	Previous: 60798d1	Ratio
BenchmarkKeystore_Sign/nop/in-process	731.8 ns/op	352.2 ns/op	2.08

This comment was automatically generated by workflow using github-action-benchmark.

[vreff]

@jmank88 interesting to see: #1578 (review).

I guess bytes.hasPrefix is a bit less performant than the manual check. I don't foresee this being a problem for our use case, LMK if there's any reason we should care about the change in signing speed.

[jmank88]

@jmank88 interesting to see: #1578 (review).

I guess bytes.hasPrefix is a bit less performant than the manual check. I don't foresee this being a problem for our use case, LMK if there's any reason we should care about the change in signing speed.

Oh, wasn't that there with the last version too? The internals look equivalent.

[vreff]

Oh, wasn't that there with the last version too? The internals look equivalent.

The benchmarks test passed on the commit before the hasPrefix change 🤷