feat(kms): enhance onboard page with site name, chain info, and k256 pubkey

[Leechael]

Summary

Enhance the KMS onboard page with additional attestation and chain information, and align all auth API implementations to expose the Ethereum RPC URL.

Changes

KMS Onboard Page (kms/src/www/onboard.html)

• Display PPID above Device ID (raw hex, no 0x prefix)
• Display Device ID with 0x prefix
• Display Chain Info card when available:
  • ETH RPC URL
  • KMS Contract Address
• Display custom site name in page title/heading when configured

KMS RPC Proto (kms/rpc/proto/kms_rpc.proto)

• AttestationInfoResponse new fields:
  • string site_name = 5
  • string eth_rpc_url = 6
  • string kms_contract_address = 7
  • bytes ppid = 8

KMS Backend (kms/src/onboard_service.rs)

• Extract raw ppid from verified TDX attestation report
• Fetch eth_rpc_url / kms_contract_address from auth API
• Populate all new AttestationInfoResponse fields

KMS Config (kms/src/config.rs, kms/kms.toml)

• Add optional site_name field under [core]

Auth API Info Endpoint

• kms/auth-eth/src/server.ts: add ethRpcUrl to GET / response
• kms/auth-eth-bun/index.ts: add ethRpcUrl to GET / response
• kms/auth-eth-bun/openapi.json: update SystemInfo schema with ethRpcUrl
• kms/auth-eth-bun/index.test.ts: sync tests and schema assertions

Auth API Client (kms/src/main_service/upgrade_authority.rs)

• AuthApiInfoResponse: add eth_rpc_url (with #[serde(default)])
• GetInfoResponse: add eth_rpc_url: Option<String>

Auth Mock (kms/auth-mock/index.ts)

• Add configurable authorization policies support

Builder Dockerfile (kms/dstack-app/builder/Dockerfile)

• Use absolute paths in COPY --from=build-shared for BuildKit named context compatibility

Configuration Example

[core]
site_name = "My KMS"

[core.auth_api]
type = "webhook"

[core.auth_api.webhook]
url = "http://auth-api:8000"

Testing

• cargo check -p dstack-kms -p dstack-kms-rpc ✅
• prek run ✅
• cd kms/auth-eth-bun && bun run test:run && bun run lint ✅