Add support for sandboxed tricky store-like spoofing of hardware keys for banking apps #378
Description
It may be possible to adapt features from trickystore (specifically trickystore-OSS) into GrapheneOS in a way that enhances privacy without introducing significant security risks.
The idea is to allow a sandboxed profile (for, for example, banking apps) to use user-provided attestation keys (including spoofing strong play integrity with those keys) instead of exposing the device’s real hardware-backed keys, which also has some extra benefits, such as preventing fingerprinting via play integrity attestation, which would in theory increase privacy while still providing (spoofed) play integrity strong attestation for apps requiring it.