Optimize get_part_pub_key and get_cert_chain when called together.

In the re-endorsement path, we now call get_part_pub_key() (which already does GetCertChainInfo + GetCertificate for the last cert) and then call get_cert_chain() (which repeats GetCertChainInfo and fetches certs again). Consider refactoring to fetch the PID cert chain once and derive the PID public key from the last cert, so we avoid redundant DDI calls during retries/restores.