go-kitesurf, so one can have a TPM-enabled client-side architecture that is independent of the server trust system?