trusted_vault: define GpmPinMetadata structure.

There can only be a single GPM PIN virtual member set for an account.
This is enforced by the server domain service. In order to allow GPM PIN
virtual members to be replaced, the service offers a new field in the
join protobuf that allows the public key of a member to replace to be
specified.

Thus we need to keep track of the public key of the GPM PIN member for
when we want to change it. We also need to be able to set this new field
in the join request to replace the member.

This change defines a `GpmPinMetadata` structure that contains the
public key of the GPM PIN member and the serialized wrapped PIN. This
structure is returned when downloading authentication factors and can be
set when adding a factor.

This is the last change needed to support changing a GPM PIN for an
account.

Change-Id: I7bd7adcccb61c107db53d51d5c115761cc4ab0f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5406359


Reviewed-by: Maksim Moskvitin <mmoskvitin@google.com>
Commit-Queue: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1282190}