OMG, it is really horrible to use the NSS SEC_ASN1DecodeItem() API. Figuring
out how to set up the SEC_ASN1Template data structure for decoding
TimeStampResp was much harder than setting up the template for encoding a
TimeStampReq. Luckily I don't actually need to look into the timeStampToken,
but can copy that as such into the CMS as an unsigned attribute.

I'll cheerfully ignore for now RFC3161's requirements on how the TSA client
should check the validity of the response. Let's leave that up to the PDF
viewing (and validating) application.

Also improve the SAL_INFO logging, use a timeout for the curl operation, add
more ASN.1 in comments for information, etc.

Still to do: Actually add the TimeStampResp to the NSSCMSSignerInfo.

Change-Id: Id4f800e2cf12a01106b326a31c34eb99f2aa724e