MayQuery is the map of runtime IDs to the vector of enclave IDs that may query private key material.
TODO: This could be made more sophisticated and seggregate based on contract ID as well, but for now punt on the added complexity.
MayReplicate is the vector of enclave IDs that may retrieve the master secret (Note: Each enclave ID may always implicitly replicate from other instances of itself).
EnclavePolicySGX is the per-SGX key manager enclave ID access control policy.