[sesame-esam] Add new port

[bokelleher]

Adds a new port: sesame-esam 0.1.0.

SESAME (Secure ESAM Authentication and Message Encryption) is the proposed
SCTE 130-9 security layer for the ESAM interface: HMAC-SHA256 authentication,
channel-scoped authorization, and AES-256-GCM payload encryption carried in
HTTP headers. This port is the native C++ implementation.

• Upstream: https://github.com/bokelleher/sesame-sdk (the C++ SDK lives in cpp/)
• Pinned to the cpp-v0.1.0 tag with a verified SHA512.
• Depends on openssl; installs an exported CMake package consumed as
  find_package(sesame) / sesame::sesame.
• Dual-licensed MIT OR Apache-2.0.

The library is implemented from scratch in four languages (Rust, C++, Python,
Go), each proven byte-for-byte against a shared set of conformance vectors.

• Changes comply with the maintainer guide.
• The name of the port matches an existing name for this component on https://repology.org/ if possible, and/or the name of the upstream project.
• Optional dependencies are resolved in exactly one way. CI verifies this if you use a manifest file.
• Versioning database files were added via vcpkg x-add-version.

[bokelleher]

@microsoft-github-policy-service agree

[BillyONeal]

Given that the upstream repo is only 4 days old it seems unlikely that this is ready for broad publishing in vcpkg's registry; it doesn't meet our maturity requirements: https://learn.microsoft.com/vcpkg/contributing/maintainer-guide#packaged-projects-should-be-mature

[*] The name of the port matches an existing name for this component on https://repology.org/ if possible, and/or the name of the upstream project.

https://repology.org/projects/?search=sesame-esam returns no results, so this seems like a lie.

When this does meet the maturity guideline in the future, please also make sure the real new port checklist

vcpkg/.github/pull_request_template.md

Lines 19 to 31 in 3bebaa2

	- [ ] Changes comply with the [maintainer guide](https://github.com/microsoft/vcpkg-docs/blob/main/vcpkg/contributing/maintainer-guide.md).
	- [ ] The packaged project shows strong association with the chosen port name. Check this box if at least one of the following criteria is met:
	- [ ] The project is in Repology: https://repology.org/project/<PORT NAME>/versions
	- [ ] The project is amongst the first web search results for "<PORT NAME>" or "<PORT NAME> C++". Include a screenshot of the search engine results in the PR.
	- [ ] The port name follows the 'GitHubOrg-GitHubRepo' form or equivalent `Owner-Project` form.
	- [ ] Optional dependencies of the build are all controlled by the port. A dependency is controlled if it is declared an unconditional dependency in `vcpkg.json`, or explicitly disabled through patches or build system arguments such as [CMAKE_DISABLE_FIND_PACKAGE_Xxx](https://cmake.org/cmake/help/latest/variable/CMAKE_DISABLE_FIND_PACKAGE_PackageName.html) or [VCPKG_LOCK_FIND_PACKAGE](https://learn.microsoft.com/vcpkg/users/buildsystems/cmake-integration#vcpkg_lock_find_package_pkg)
	- [ ] The versioning scheme in `vcpkg.json` matches what upstream says.
	- [ ] The license declaration in `vcpkg.json` matches what upstream says.
	- [ ] The installed as the "copyright" file matches what upstream says.
	- [ ] The source code of the component installed comes from an authoritative source.
	- [ ] The generated "usage text" is brief and accurate. See [adding-usage](https://github.com/microsoft/vcpkg-docs/blob/main/vcpkg/examples/adding-usage.md) for context. Don't add a usage file if the automatically generated usage is correct.
	- [ ] The version database is fixed by rerunning `./vcpkg x-add-version --all` and committing the result.
	- [ ] Exactly one version is added in each modified versions file.

is used rather than making up some other checklist. I don't understand why AI tools love to do that but they do.

Also, GPT 5.4 notes that the shipped CMake package reports version 0.1.0 while the port is 0.1.1, so find_package(sesame 0.1.1 CONFIG REQUIRED) fails.

[bokelleher]

Billy,

Thanks for the honest reply. Will resubmit this when maturity is more developed.

Kind regards,

Bo