res_stir_shaken: Allow sending Identity headers for unknown TNs

Added a new option "unknown_tn_attest_level" to allow Identity
headers to be sent when a callerid TN isn't explicitly configured
in stir_shaken.conf.  Since there's no TN object, a private_key_file
and public_cert_url must be configured in the attestation or profile
objects.

Since "unknown_tn_attest_level" uses the same enum as attest_level,
some of the sorcery macros had to be refactored to allow sharing
the enum and to/from string conversion functions.

Also fixed a memory leak in crypto_utils:pem_file_cb().

Resolves: #921

UserNote: You can now set the "unknown_tn_attest_level" option
in the attestation and/or profile objects in stir_shaken.conf to
enable sending Identity headers for callerid TNs not explicitly
configured.

(cherry picked from commit 9e5cac457f)

configs/samples/stir_shaken.conf.sample

@@ -99,6 +99,20 @@ One of "A", "B", "C"
 
 Default: none
 
+-- unknown_tn_attest_level --------------------------------------------
+Attestation level to use for unknown TNs.
+One of "A", "B", "C"
+
+Normally if a callerid TN isn't configured in stir_shaken.conf
+no Identity header will be created. If this option is set,
+however, an Identity header will be sent using this
+attestation level.  Since there's no TN object, you must
+ensure that a private_key_file and public_cert_url are
+configured in the attestation or profile objects for
+this to work.
+
+Default: none
+
 -- send_mky -----------------------------------------------------------
 If set and an outgoing call uses DTLS, an "mky" Media Key grant will
 be added to the Identity header.  Although RFC8224/8225 require this,
@@ -116,6 +130,7 @@ Example "attestation" object:
 ;private_key_file = /var/lib/asterisk/keys/stir_shaken/tns/multi-tns-key.pem
 ;public_cert_url = https://example.com/tncerts/multi-tns-cert.pem
 ;attest_level = C
+;unknown_tn_attest_level = C
 
 ;--
 =======================================================================