nihalpasham
Ignore broken update partition content when in UpdateInUpdatingState (closes #80)
panic() occurs when the update partition contains invalid (or damaged) content. This prevents the whole boot process to complete, even when the previous (boot) partition, containing a previous firmware, would be able to start properly. I changed the panic() to errors that can be parsed by calling functions, thus taking appropriate actions. More specifically, when the update partition is in UpdateInUpdatingState(), if the rustboot update cannot be performed successfully, we continue booting the firmware in the boot partition instead of panicking.
[!Note]
We should also mark the update partition so that subsequent boot attempts do not go again through the whole partition verification. Indeed, the first attempt failed, thus subsequent attempts should fail as well. This would required to change the state of the upgrade partition but the state machine currently does not allow to do so.
