wolfMQTT integration example #23

@aidangarske

Add wolfMQTT integration example

Background

MQTT's TLS only secures the pipe to the broker — the broker itself terminates
the TLS session, meaning a compromised broker can read or tamper with any
message it routes. wolfCOSE fixes this by signing the payload at the source
with the device's private key. The broker sees opaque bytes it cannot forge
or modify, and the subscriber verifies the signature before trusting the data.

This pattern is useful for sensor telemetry (device → cloud), command
authentication (cloud → device), and any deployment where the broker is shared
or untrusted infrastructure.

Scope

Add examples/mqtt/ to the wolfCOSE repo. No changes to wolfCOSE or wolfMQTT
source are required — wolfMQTT's MqttMessage.buffer accepts the COSE blob
directly as the payload.

Tasks

  • examples/mqtt/mqtt_publisher.c — sign a payload with CoseSign1_Sign, publish via wolfMQTT
  • examples/mqtt/mqtt_subscriber.c — call CoseSign1_Verify inside the wolfMQTT message callback, reject on failure
  • examples/mqtt/mqtt_keys.h — test EC P-256 key pair, clearly labeled as non-production
  • examples/mqtt/README.md — dependencies, build instructions, how to run against a local Mosquitto broker
  • Makefile target: make mqtt-example
  • CI: compile-only build check (no broker needed)

Future extensions

  • COSE_Mac0 variant using HMAC-256 for devices with pre-shared symmetric keys
  • Command authentication example (cloud signs, device verifies before executing)
  • Encrypted payload using COSE_Encrypt0 for confidential telemetry
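The sign-at-source pattern from the Background section, as an added Python sketch that is not wolfCOSE or wolfMQTT code. It uses the COSE_Mac0 / HMAC variant listed under Future extensions (standard library only) instead of COSE_Sign1 with EC P-256. The function names, the fixed-profile parser and the choice to bind the MQTT topic as `external_aad` are assumptions of this example.

```python
import hashlib
import hmac

ALG_HMAC_256 = b"\xa1\x01\x05"  # protected header {1: 5}: alg = HMAC 256/256

def bstr(data):
    """CBOR definite-length byte string (major type 2), up to 65535 bytes."""
    n = len(data)
    if n < 24:
        return bytes([0x40 | n]) + data
    head = bytes([0x58, n]) if n < 256 else b"\x59" + n.to_bytes(2, "big")
    return head + data

def read_bstr(buf, pos):
    """Decode one CBOR byte string at pos; return (value, next_pos)."""
    ib = buf[pos]
    if ib >> 5 != 2 or (ib & 0x1F) > 25:
        raise ValueError("expected a short byte string")
    size = {24: 1, 25: 2}.get(ib & 0x1F, 0)
    n = int.from_bytes(buf[pos + 1:pos + 1 + size], "big") if size else ib & 0x1F
    end = pos + 1 + size + n
    if end > len(buf):
        raise ValueError("truncated")
    return buf[pos + 1 + size:end], end

def _tag(key, topic, payload):
    # MAC_structure = ["MAC0", protected, external_aad, payload] (RFC 9052);
    # the topic as external_aad is this example's choice, not the issue's.
    to_mac = b"\x84\x64MAC0" + bstr(ALG_HMAC_256) + bstr(topic) + bstr(payload)
    return hmac.new(key, to_mac, hashlib.sha256).digest()

def protect(key, topic, payload):
    """Publisher: build tagged COSE_Mac0 = 17([protected, {}, payload, tag])."""
    return (b"\xd1\x84" + bstr(ALG_HMAC_256) + b"\xa0"
            + bstr(payload) + bstr(_tag(key, topic, payload)))

def verify(key, topic, blob):
    """Subscriber callback: return the payload if authentic, else None."""
    try:
        protected, p1 = read_bstr(blob, 2)
        payload, p2 = read_bstr(blob, p1 + 1)
        tag, end = read_bstr(blob, p2)
    except (ValueError, IndexError):
        return None
    ok = (blob[:2] == b"\xd1\x84" and protected == ALG_HMAC_256
          and blob[p1:p1 + 1] == b"\xa0" and end == len(blob))
    if ok and hmac.compare_digest(tag, _tag(key, topic, payload)):
        return payload
    return None
```

The subscriber pins the algorithm header instead of trusting the one in the message, and a broker that alters the payload or delivers the blob under a different topic gets `None` back from `verify`.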
