fix: parse ima-modsig d-modsig as d-ng like structured digest

[hyperfinitism]

Motivation

• The IMA spec defines d-modsig as a structured digest (hash algorithm + digest) analogous to d-ng, not as opaque bytes, so parsing and encoding must follow that format.
• The change makes the ima-modsig representation able to express an absent d-modsig distinctly from an all-zero/empty blob.

Description

• Model d-modsig as Option<Digest> in ImaModsigEntry and keep modsig as raw PKCS#7 DER bytes (Vec<u8>).
• Update ASCII parser parse_ima_modsig() to parse the optional d-modsig with parse_prefixed_digest() instead of hex-decoding opaque bytes.
• Update binary parser decode_ima_modsig() to decode fields[3] using decode_d_ng() when non-empty and map an empty field to None.
• Update template encoding in collect_fields() to emit d-modsig using encode_d_ng() when present or an empty field when absent, and update the ima-modsig roundtrip test to use a real d-ng-encoded d-modsig value.

Testing

• Ran cargo test -q which executed the unit test suite and all tests passed.
• The updated parse_ima_modsig_roundtrip test validates decoding of a d-modsig with a real hash algorithm and digest and passed under the test run.

References

• https://ima-doc.readthedocs.io/en/latest/event-log-format.html
• https://docs.kernel.org/security/IMA-templates.html

[gemini-code-assist]

Code Review

This pull request refactors the ima-modsig template handling by transitioning the modsig_digest field from a raw Vec<u8> to a structured Option<Digest>. This change affects the ASCII and binary parsers, template definitions, and hashing logic. A review comment identifies a non-idiomatic semicolon placement in src/log/ascii.rs that should be corrected for better code style.