Implement Shamir's Secret Sharing for SignstarOS

To deal with the lifecycle of administrative secrets for a NetHSM backend we need the following:

  • initial creation of NetHSM administrative secrets,
  • splitting the secret into multiple shares using SSS,
  • detecting the download of individual shares,
  • detecting the upload of shares up to N out of M,
  • recovering the administrative secret and testing that it works (this requires a no-op with administrative credentials).
Edited by Wiktor Kwapisiewicz
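
The split and recover steps listed above, as an added sketch that is not part of the original issue or of Signstar's code. It assumes byte-wise sharing over GF(2^8) with the AES reduction polynomial, uses hypothetical function names, and takes N as the threshold and M as the total number of shares.

```python
import secrets

# GF(2^8) arithmetic, reduction polynomial x^8 + x^4 + x^3 + x + 1 (assumed choice).
def gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x11B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    r = 1
    for _ in range(254):  # a^254 == a^-1: the multiplicative group has order 255
        r = gf_mul(r, a)
    return r

def split(secret: bytes, n: int, m: int) -> dict[int, bytes]:
    """Split secret into m shares (keyed by x = 1..m); any n recover it."""
    if not 2 <= n <= m <= 255:
        raise ValueError("need 2 <= n <= m <= 255")
    shares = {x: bytearray() for x in range(1, m + 1)}
    for byte in secret:
        # Fresh random polynomial per byte; the constant term is the secret byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(n - 1)]
        for x in shares:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            shares[x].append(y)
    return {x: bytes(v) for x, v in shares.items()}

def recover(shares: dict[int, bytes]) -> bytes:
    """Lagrange interpolation at x = 0 over the supplied shares."""
    xs = list(shares)
    length = len(shares[xs[0]])
    if 0 in xs or any(len(shares[x]) != length for x in xs):
        raise ValueError("malformed share set")
    out = bytearray(length)
    for xi in xs:
        basis = 1  # product over j != i of xj / (xj ^ xi)
        for xj in xs:
            if xj != xi:
                basis = gf_mul(basis, gf_mul(xj, gf_inv(xj ^ xi)))
        for k, y in enumerate(shares[xi]):
            out[k] ^= gf_mul(y, basis)
    return bytes(out)
```

`recover` returns a value for any share set, including one below the threshold or containing a corrupted share; the result is then simply wrong. Nothing in the scheme itself signals that, which is why the final step above tests the recovered secret with a no-op.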