Add XmlDSigVerifier wrapper for SignedXml

[shunkica]

As per the discussion #517 I set out to do some work on this problematic.

My conclusion was that it would be best to not just separate the reference types, but separate the signer from the validator entirely, while providing a more streamlined interface.

I am submitting this initial draft for your review and opinions.

The goal was to not introduce any breaking change, instead produce these wrappers so users can slowly start migrating toward them. The next step would be to deprecate SignedXml, migrate the specific signature/validation functions in their respective class, with the final breaking change being to remove SignedXml entirely.

The tests are currently just AI slop. I welcome anyone that wants to contribute.

Once the XmlDSigSigner and XmlDSigValidator are configured, they can be reused to sign/validate multiple xml files, since each time sign/compute is called a new SignedXml instance is created internally.

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced XmlDSigVerifier class for streamlined XML signature verification with support for multiple key selector modes (public certificates, KeyInfo, shared secrets).
  • Added centralized URI constants for standardized algorithm and namespace references.
  • Enhanced security with certificate expiration validation, truststore support, and algorithm allow-lists.
  • Added configurable transform limits and improved error handling with optional exception throwing.

• Documentation

  • Added comprehensive XmlDSigVerifier usage guide with examples for different verification scenarios.