change(bootloader_support/secure_boot): Allow NULL as verified_digest for app build

The esp_secure_boot_verify_sbv2_signature_block() and esp_secure_boot_verify_rsa_signature_block()
APIs need and use the verified_digest argument only for BOOTLOADER_BUILD, but the argument is
not used in the application code, and the value present in verified_digest is considered invalid.
Thus, allow passing NULL as the verified_digest parameter to help save some space.
harshal.patil
2025-04-23 15:49:28 +05:30
parent 3f9ab5d5e7
commit 03ea07155a


@@ -185,7 +185,6 @@ static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t
esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
{
uint8_t digest[ESP_SECURE_BOOT_DIGEST_LEN] = {0};
uint8_t verified_digest[ESP_SECURE_BOOT_DIGEST_LEN] = {0};
/* Rounding off length to the upper 4k boundary */
uint32_t padded_length = ALIGN_UP(length, FLASH_SECTOR_SIZE);
@@ -203,7 +202,7 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
return ESP_FAIL;
}
err = esp_secure_boot_verify_sbv2_signature_block(sig_block, digest, verified_digest);
err = esp_secure_boot_verify_sbv2_signature_block(sig_block, digest, NULL);
if (err != ESP_OK) {
ESP_LOGE(TAG, "Secure Boot V2 verification failed.");
}
@@ -218,9 +217,11 @@ esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_sign
{
bool any_trusted_key = false;
if (verified_digest != NULL) {
/* Note: in IDF verification we don't add any fault injection resistance, as we don't expect this to be called
during boot-time verification. */
memset(verified_digest, 0, ESP_SECURE_BOOT_DIGEST_LEN);
}
esp_image_sig_public_key_digests_t trusted = {0};
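Review bot: The NULL guard added in esp_secure_boot_verify_sbv2_signature_block() covers only the memset shown in this hunk, while esp_secure_boot_verify_signature() now passes NULL unconditionally. The function body continues outside the hunk, so any later use of `verified_digest` there (for example handing it on to the signature-verification routine) has to tolerate NULL as well; that should be confirmed before merging. The existing fault-injection note now sits inside the `if` and reads as if it explained the NULL check, so I would move it above the guard and add `/* verified_digest is optional in app builds; its value is only meaningful for BOOTLOADER_BUILD */`. The parameter documentation in the header should state the same contract, so that bootloader callers keep passing a real buffer.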