feat(tee): introduce get_tee_proofs RPC method for TEE proofs (#2474)

## What ❔

Add `get_tee_proofs` RPC method to expose TEE attestations and proofs
for a given batch number and TEE type.

Currently, there can be only one proof instance per batch number per TEE
type. In the future, we may allow multiple instances since attestations
can be revoked if the machine that produced them is compromised.

## Why ❔

We want to enable anyone to download TEE attestations and proofs for any
transaction, allowing them to verify it on their own machines using the
`verify-attestation` standalone binary (available at
https://github.com/matter-labs/teepot/tree/main/bin/verify-attestation).

This is just an intermediate step; the ultimate goal is to have TEE
proofs and attestations verification implemented on-chain.

## Checklist

- [x] PR title corresponds to the body of PR (we generate changelog
entries from PRs).
- [ ] Tests for the changes have been added / updated.
- [ ] Documentation comments have been added / updated.
- [x] Code has been formatted via `zk fmt` and `zk lint`.

core/bin/zksync_tee_prover/src/api_client.rs

@@ -74,8 +74,11 @@ impl TeeApiClient {
 
     /// Fetches the next job for the TEE prover to process, verifying and signing it if the
     /// verification is successful.
-    pub async fn get_job(&self) -> Result<Option<Box<TeeVerifierInput>>, TeeProverError> {
-        let request = TeeProofGenerationDataRequest {};
+    pub async fn get_job(
+        &self,
+        tee_type: TeeType,
+    ) -> Result<Option<Box<TeeVerifierInput>>, TeeProverError> {
+        let request = TeeProofGenerationDataRequest { tee_type };
         let response = self
             .post::<_, TeeProofGenerationDataResponse, _>("/tee/proof_inputs", request)
             .await?;

core/bin/zksync_tee_prover/src/tee_prover.rs

@@ -112,7 +112,7 @@ impl TeeProver {
     }
 
     async fn step(&self) -> Result<Option<L1BatchNumber>, TeeProverError> {
-        match self.api_client.get_job().await? {
+        match self.api_client.get_job(self.tee_type).await? {
             Some(job) => {
                 let (signature, batch_number, root_hash) = self.verify(*job)?;
                 self.api_client

core/lib/dal/doc/TeeProofGenerationDal.md

@@ -0,0 +1,19 @@
+# TeeProofGenerationDal
+
+## Table Name
+
+`tee_proofs`
+
+## `status` Diagram
+
+```mermaid
+---
+title: Status Diagram
+---
+stateDiagram-v2
+[*] --> ready_to_be_proven : insert_tee_proof_generation_job
+ready_to_be_proven --> picked_by_prover : get_next_batch_to_be_proven
+picked_by_prover --> generated : save_proof_artifacts_metadata
+generated --> [*]
+
+```

core/lib/dal/migrations/20240805144000_tee_proofs_reorg.down.sql

@@ -0,0 +1,5 @@
+ALTER TABLE tee_verifier_input_producer_jobs ADD COLUMN picked_by TEXT;
+
+ALTER TABLE tee_proof_generation_details DROP CONSTRAINT tee_proof_generation_details_pkey;
+ALTER TABLE tee_proof_generation_details ALTER COLUMN tee_type DROP NOT NULL;
+ALTER TABLE tee_proof_generation_details ADD PRIMARY KEY (l1_batch_number);

core/lib/dal/migrations/20240805144000_tee_proofs_reorg.up.sql

@@ -0,0 +1,7 @@
+ALTER TABLE tee_verifier_input_producer_jobs DROP COLUMN picked_by;
+
+ALTER TABLE tee_proof_generation_details DROP CONSTRAINT tee_proof_generation_details_pkey;
+UPDATE tee_proof_generation_details SET tee_type = 'sgx' WHERE tee_type IS NULL;
+ALTER TABLE tee_proof_generation_details ALTER COLUMN tee_type SET NOT NULL;
+ALTER TABLE tee_proof_generation_details ALTER COLUMN l1_batch_number SET NOT NULL;
+ALTER TABLE tee_proof_generation_details ADD PRIMARY KEY (l1_batch_number, tee_type);

core/lib/dal/src/models/mod.rs

@@ -11,6 +11,7 @@ pub mod storage_log;
 pub mod storage_oracle_info;
 pub mod storage_protocol_version;
 pub mod storage_sync;
+pub mod storage_tee_proof;
 pub mod storage_transaction;
 pub mod storage_verification_request;
 pub mod storage_witness_job_info;

core/lib/dal/src/models/storage_tee_proof.rs

@@ -0,0 +1,10 @@
+use chrono::NaiveDateTime;
+
+#[derive(Debug, Clone, sqlx::FromRow)]
+pub struct StorageTeeProof {
+    pub pubkey: Option<Vec<u8>>,
+    pub signature: Option<Vec<u8>>,
+    pub proof: Option<Vec<u8>>,
+    pub updated_at: NaiveDateTime,
+    pub attestation: Option<Vec<u8>>,
+}