Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This is a sketch of how to represent and implement policies expressed in JSON using "take 2" as a model.

Policies are represented as JSON objects that have:

- zero, one, or more named policy parameters, which have type information
- zero, one, or more bindings for a policy's parameters -- these can be default values, or values for parameters of other policies referred to by this one
- an actual policy AST

A policy can refer to other policies. This is especially necessary for TPM2_PolicyAuthorize() and TPM2_PolicyAuthorizeNV(), where the referred-to policy may not be known until run-time, so we really have to be able to separate the referent and the referred-to policies. This may also be useful for TPM2_PolicyOr() even though its alternatives are static -- it may help organize policies, and to DRY.

We treat TPM2_PolicyOr() as AST interior nodes. Interior nodes have to be singular TPM2_PolicyOr() commands. Leaf nodes are sequences of commands the first of which is allowed to be a hole, like TPM2_PolicyAuthorize() or TPM2_PolicyAuthorizeNV().

See ./policy.jq!
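
As an added illustration (not code from this commit or from ./policy.jq), the Python sketch below walks an AST of the shape the message describes and computes its SHA-256 policy digest, rejecting a PolicyOR inside a leaf and a hole such as PolicyAuthorize anywhere but first in a leaf. The `{"or": ...}` / `{"seq": ...}` node layout, the field names and the sample key name are assumptions made for the example; policy parameters and bindings are not modelled.

```python
import hashlib
import struct

# TPM 2.0 command codes from the TCG specification.
CC = {"PolicyAuthorize": 0x16A, "PolicyAuthValue": 0x16B,
      "PolicyCommandCode": 0x16C, "PolicyOR": 0x171}
HOLES = {"PolicyAuthorize"}   # commands that replace the running digest
ZERO = bytes(32)              # initial SHA-256 policy digest

def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()
def _cc(name):
    return struct.pack(">I", CC[name])

def leaf_digest(cmds):
    """Digest of a leaf: a command sequence whose first entry may be a hole."""
    digest = ZERO
    for i, c in enumerate(cmds):
        name = c["cmd"]
        if name == "PolicyOR":
            raise ValueError("PolicyOR must be an interior node, not a leaf command")
        if name in HOLES:
            if i != 0:
                raise ValueError(f"{name} is a hole and must come first in a leaf")
            # PolicyAuthorize resets the digest, then extends key name and policyRef.
            digest = _h(ZERO, _cc(name), bytes.fromhex(c["keyName"]))
            digest = _h(digest, bytes.fromhex(c["policyRef"]))
        elif name == "PolicyCommandCode":
            digest = _h(digest, _cc(name), struct.pack(">I", c["code"]))
        elif name == "PolicyAuthValue":
            digest = _h(digest, _cc(name))
        else:
            raise ValueError(f"unsupported command {name}")
    return digest

def policy_digest(node):
    """Walk the AST: {'or': [...]} is interior, {'seq': [...]} is a leaf."""
    if "or" in node:
        kids = node["or"]
        if not 2 <= len(kids) <= 8:
            raise ValueError("PolicyOR takes 2 to 8 branches")
        return _h(ZERO, _cc("PolicyOR"), *(policy_digest(k) for k in kids))
    return leaf_digest(node["seq"])

# Constructed sample: "Unseal (0x15E) with auth value" OR "whatever the key holder approves".
SAMPLE = {"or": [
    {"seq": [{"cmd": "PolicyCommandCode", "code": 0x15E}, {"cmd": "PolicyAuthValue"}]},
    {"seq": [{"cmd": "PolicyAuthorize", "keyName": "000b" + "11" * 32, "policyRef": ""}]},
]}
print(policy_digest(SAMPLE).hex())
```

The PolicyAuthorize branch has a fixed digest that depends only on the signing key's name and policyRef, which is why the policy it refers to can be chosen at run time without changing the enclosing PolicyOR digest.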