Wrong IPT/descriptor expiry time calculation
In `ipt_mgr.rs`:

```rust
let publish = current_ipt.for_publish(details)?;
// TODO HSS wrong descriptor (ipt) expiry time calculation
```
Lifetimes, even in the published descriptor, are relative. So this means that the correct expiry time needs to be measured not from now, when we instruct the publisher to publish this IPT, but rather from the last time the publisher publishes the resulting descriptor. Since the publisher might perform retries, this might be later.
Sorting this out without being vulnerable to races (where the manager tries to drop an IPT just as the publisher is republishing it) is not so easy.
I have two theories:
- Have the publisher only try for a bounded period of time before requesting a fresh mandate from the manager. This is annoying because it's an explicit back channel from the publisher to the manager (not just for these requests but also for the "bound", which is probably a thing the publisher knows).
- A shared mutex containing the `PublishIptSet` and the expiry times. Right before starting a publication attempt, the publisher would check that the intended ipt set is still valid and update the "last published" time. When updating the IPTs, the manager would have to merge its ipt set with the existing one, to copy across the "last published" times.
- Like 2, but the mutex is the one surrounding `ipt_mgr::State`. The publisher has a handle onto the manager, and calls a manager method to obtain the ipt list, or something.
@gabi-250: what would be most convenient from the publisher's pov?
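A sketch of theory 2 as added example code, not from the Arti tree: one mutex guards a stand-in for `PublishIptSet` together with per-IPT "last published" times, the publisher checks validity and records the attempt under that lock, and the manager's merge carries the times across so expiry is counted from the real publication rather than from the mandate. `IptId`, `IptEntry`, `SharedIptSet` and the method names are invented here.

```rust
use std::collections::HashMap;
use std::sync::{Arc, Mutex};
use std::time::{Duration, Instant};

/// Hypothetical IPT identifier; the real type in ipt_mgr.rs is not assumed here.
pub type IptId = u32;

/// One entry: the relative lifetime the descriptor carries, and when the
/// publisher last actually published it (None = never published yet).
#[derive(Clone, Debug)]
pub struct IptEntry {
    pub lifetime: Duration,
    pub last_published: Option<Instant>,
}

/// Stand-in for `PublishIptSet` plus the expiry bookkeeping (theory 2).
#[derive(Default)]
pub struct SharedIptSet {
    pub ipts: HashMap<IptId, IptEntry>,
}

/// The shared mutex both the manager and the publisher hold a handle to.
pub type SharedHandle = Arc<Mutex<SharedIptSet>>;

impl SharedIptSet {
    /// Publisher: right before a (re)publication attempt, check the IPT is
    /// still wanted and record the attempt time, all under the one lock.
    pub fn begin_publish(&mut self, id: IptId, now: Instant) -> bool {
        match self.ipts.get_mut(&id) {
            Some(e) => { e.last_published = Some(now); true }
            None => false,
        }
    }

    /// Manager: install the new wanted set, carrying across last_published
    /// for IPTs that survive, so their expiry stays relative to the real publication.
    pub fn merge_from_manager(&mut self, wanted: HashMap<IptId, Duration>) {
        let old = std::mem::take(&mut self.ipts);
        self.ipts = wanted.into_iter().map(|(id, lifetime)| {
            let last_published = old.get(&id).and_then(|e| e.last_published);
            (id, IptEntry { lifetime, last_published })
        }).collect();
    }

    /// Expiry counted from the last publication, not from the manager's mandate.
    pub fn expires_at(&self, id: IptId) -> Option<Instant> {
        let e = self.ipts.get(&id)?;
        Some(e.last_published? + e.lifetime)
    }
}
```

An IPT the manager has dropped fails `begin_publish`, so a concurrent republish attempt is refused instead of racing the drop.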