Ensure that data hash consists only of C2PA JUMBF data #68

@cyraxx

According to the specification:

The combination of exclusion ranges and padding values, especially padding needed to support multi-pass processing workflows, can enable an attacker to replace parts of that padding with arbitrary data that could impact the consumption of the asset without invalidating the hash. For this reason a validator shall ensure that the data contained within the exclusion range consists only of a C2PA Manifest Store and appropriate padding (e.g., zero’d data) in clearly marked pad fields or free/skip boxes. If a validator encounters any data that is not part of the C2PA Manifest Store or padding, then the manifest shall be rejected with a failure code of assertion.dataHash.mismatch.

This means we need to:

  • Verify that exclusion ranges in data hash assertions match exactly the JUMBF store in the manifest and not more
  • Verify that any padding data is filled with zeros
  • Verify that any free/skip boxes in BMFF files are filled with zeros
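
The checks listed above, sketched as an added example (not code from this project or from the C2PA specification). It assumes a container parser has already produced the byte spans that belong to the manifest store, including its container framing; `uncovered`, `check_exclusions` and the sample bytes are hypothetical and constructed for illustration, and headers of free/skip boxes are not modelled.

```python
from typing import Iterator, List, Tuple

Span = Tuple[int, int]  # (start offset, length); hypothetical representation
MISMATCH = "assertion.dataHash.mismatch"  # failure code named in the quoted spec text


def uncovered(start: int, end: int, store_spans: List[Span]) -> Iterator[Tuple[int, int]]:
    """Yield sub-ranges of [start, end) that lie outside every manifest store span."""
    pos = start
    for s, n in sorted(store_spans):
        if s + n <= pos or s >= end:
            continue
        if s > pos:
            yield pos, s
        pos = max(pos, s + n)
    if pos < end:
        yield pos, end


def check_exclusions(asset: bytes, exclusions: List[Span], store_spans: List[Span]) -> List[str]:
    """Return findings; an empty list means every excluded byte is store or zero padding."""
    findings = []
    prev_end = 0
    for start, length in sorted(exclusions):
        end = start + length
        if start < prev_end or length <= 0 or end > len(asset):
            findings.append(f"{MISMATCH}: malformed or overlapping exclusion at {start}+{length}")
            continue
        prev_end = end
        # Anything excluded from the hash but outside the store must be zeroed padding.
        for a, b in uncovered(start, end, store_spans):
            bad = next((i for i in range(a, b) if asset[i] != 0), None)
            if bad is not None:
                findings.append(f"{MISMATCH}: non-padding byte at offset {bad}")
    return findings


# Constructed sample: 4 header bytes, a 10-byte stand-in for the store, 4 bytes of padding, a tail.
STORE = [(4, 10)]
GOOD = b"HEAD" + b"JUMBFSTORE" + b"\x00" * 4 + b"TAIL"
TAMPERED = b"HEAD" + b"JUMBFSTORE" + b"\x00EV\x00" + b"TAIL"  # padding partly overwritten

if __name__ == "__main__":
    print(check_exclusions(GOOD, [(4, 14)], STORE))      # clean padding
    print(check_exclusions(TAMPERED, [(4, 14)], STORE))  # data hidden in padding
    print(check_exclusions(GOOD, [(4, 16)], STORE))      # exclusion wider than store + padding
```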

Labels: bug (Something isn't working)
