Revisit security controls for and surrounding HSMs

[tobij]

The current NCSSRs require "Multi-Party Control for physical access to any Root CA System" in section 2.2.4.

netsec/docs/NSR.md

Line 346 in 8130aee

The CA MUST enforce the use of Multi-Party Control for physical access to any Root CA System.

The history in this requirement is entangled with section 1 of the NCSSRs of version 1.7 and section 2.1 the NCSSRs after the restructure.

Section 2.1 after the restucturing used to require:

Each Trusted Role MUST be assigned responsibilities, privileges, and access in a manner consistent with:
[...]
requirements of Multi-Party Control.

whereas after NS-008, it needs to be "in a manner consistent with":

the Principle of Separation of Duties.

After discussion in the NetSec WG meeting, we discovered we may have to revisit if the requirements surrounding HSMs are clear and consistent and correctly scoped.