Edge cases when updating assets that already have manifest data

[cyraxx]

Some interesting edge cases are left after the implementation of splicing a manifest into assets (#45) that might occur when an asset is manipulated that already had existing manifest data:

• For both PNG and JPEG: If an asset contains multiple manifest stores, this is ignored and treated as if there is no manifest store (in line with the specification). However, during manifest insertion, we then insert a new manifest store, which would cause the asset to still have multiple stores and be invalid. The fix is relatively simple: Instead of relying on the cached information that there is no manifest store, go through all chunks/boxes and remove any existing manifest stores.
• For BMFF: If an existing C2PA uuid box appears anywhere after the meta box, the file offsets in iloc will likely be wrong. Also, any non-top-level C2PA boxes (e.g. for Merkle hashing) are currently ignored and might cause issues. Both of these need to be investigated further.