Add composite signature engine (#446)

Add CompositeSignature and CompositeSignatureWithKeys classes as part of preliminary work to make CompositeKey signature validation compatible with java.security classes, so that these keys and signatures can be used readily in X.509 certificates.

docs/source/changelog.rst

@@ -9,6 +9,9 @@ UNRELEASED
 * API changes:
     * Added extension function ``Database.transaction`` to replace ``databaseTransaction``, which is now deprecated.
 
+    * Added ``CompositeSignature`` and ``CompositeSignatureData`` as part of enabling ``java.security`` classes to work with
+      composite keys and signatures.
+
 Milestone 10.0
 --------------
 

docs/source/release-notes.rst

@@ -4,6 +4,14 @@ Release notes
 Here are release notes for each snapshot release from M9 onwards. This includes guidance on how to upgrade code from
 the previous milestone release.
 
+Unreleased
+----------
+
+Work has continued on confidential identities, introducing code to enable the Java standard libraries to work with
+composite key signatures. This will form the underlying basis of future work to standardise the public key and signature
+formats to enable interoperability with other systems, as well as enabling the use of composite signatures on X.509
+certificates to prove association between transaction keys and identity keys.
+
 Milestone 10
 ------------