Add security version to config descriptor

Introduce a field to the configuration descriptor that provides a
standard semantically-defined version number rather than the
vendor-defined component version which acts more like a build ID.

Test: n/a
Bug: 298580435
Bug: 282205139
(cherry picked from https://android-review.googlesource.com/q/commit:0d520e8e1751fde5a3207c6f27be88a8bbc245dc)
Merged-In: Idb0c991ab12ae75687236f2489e639e4422a0225
Change-Id: Idb0c991ab12ae75687236f2489e639e4422a0225

security/rkp/README.md

@@ -324,6 +324,11 @@ the range \[-70000, -70999\] (these are reserved for future additions here).
 :                   :        :            : boot stage                        :
 | Resettable        | -70004 | null       | If present, key changes on factory|
 :                   :        :            : reset                             :
+| Security version  | -70005 | uint       | Machine-comparable, monotonically |
+:                   :        :            : increasing version of the firmware:
+:                   :        :            : component / boot stage where a    :
+:                   :        :            : greater value indicates a newer   :
+:                   :        :            : version                           :
 ```
 
 Please see

security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl

@@ -427,6 +427,7 @@ interface IRemotelyProvisionedComponent {
      *         ? -70002 : tstr,                         ; Component name
      *         ? -70003 : int / tstr,                   ; Component version
      *         ? -70004 : null,                         ; Resettable
+     *         ? -70005 : uint,                         ; Security version
      *     },
      *     -4670549 : bstr,                         ; Authority Hash
      *     ? -4670550 : bstr,                       ; Authority Descriptor